17 matches found
Malicious code in money-badger-open-rpc-test-bugbount (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35c3ecacb08f3cfb0b165eadaafd3a0d6acfffc34898a6149370c8cc9ba3843e The package money-badger-open-rpc-test-bugbount was found to contain malicious code. Source: ossf-package-analysis...
CVE-2021-22352
There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands...
Google Cloud Looker security vulnerability
Google Cloud Looker is an online tool used by Google, Inc. to transform data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from improper handling of Teradata driver parameters, which could lead to the execution of...
EUVD-2021-27190
Malware in sbrugna...
EUVD-2016-10738
Malware in sbrugna...
EUVD-2024-0674
Malicious code in bioql PyPI...
CVE-2024-45482
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL 4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands...
MAL-2025-1680 Malicious code in ownyourcode (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ae49ecc59ae81e10af1589cca5d026e0fb03269a4490c4934d61934a157d7b86 The OpenSSF Package Analysis project identified 'ownyourcode' @ 12.1.1 npm as malicious. It is considered malicious because: - The package...
MAL-2024-8932 Malicious code in @the-c-company/common-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e18cae6ce0c3de2fe7988c316471f5383433deaa0e8b9bf0376b69b634188218 The OpenSSF Package Analysis project identified '@the-c-company/common-utils' @ 1.0.0 npm as malicious. It is considered malicious because: - Th...
Malicious code in cra-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e49ccaa79a7296b7f1237beb3210cabf6610aab5c68e2c349b1fff4d3b2bb332 The OpenSSF Package Analysis project identified 'cra-docs' @ 7.999.45 npm as malicious. It is considered malicious because: - The package...
GHSA-95RP-6GQP-6622 Command Injection Vulnerability in find-exec
Older versions of the package are vulnerable to Command Injection as an attacker controlled parameter. As a result, attackers may run malicious commands. For example: const find = require("find-exec"); find("mplayer; touch hacked") This creates a file named "hacked" on the filesystem. You should neve...
Malicious Command Execution
xxl-job-core is vulnerable to malicious command execution. Lack of sanitization of new task in task management module of the background management allows an attacker to inject and execute malicious commands...
CVE-2022-28171
The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device...
CVE-2021-40000
The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end...
CVE-2021-40000
CVE-2021-40000 concerns Huawei HarmonyOS Wearables. The issue is an out-of-bounds write in the Bluetooth module, with possible remote command execution at the device end. Documented sources (NVD/CNNVD/CNVD) identify the Bluetooth module as affected and describe the impact as remote code execution...
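Multiple remote security vulnerabilities in Bugzilla
BUGTRAQ ID: 25420 Bugzilla is a web-based bug-tracking system used by many software projects. Bugzilla's implementation contains multiple remote security vulnerabilities that a remote attacker could exploit to execute malicious commands on the server or cause information disclosure. When filing a bug, Bugzilla does not properly escape the buildid field in the guided form, which could allow a user to carry out a cross-site scripting attack by submitting a malicious URL to enterbug.cgi that overrides the User-Agent string....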
Netscape iCal 2.1 Patch2 - iPlanet iCal 'csstart' Local Privilege Escalation
source: https://www.securityfocus.com/bid/1769/info Netscape's iPlanet iCal application is a network based calendar service built for deployment in organizations which require a centralized calendar system. Certain versions of iCal ship with a vulnerability in /opt/SUNWicsrv/cal/bin/csstart...