216 matches found
CVE-2017-16053
The CVE-2017-16053 issue involves the npm package fabric-js , published as malware intended to hijack environment variables. Several connected sources (GHSA advisory, npm advisory, and CVE records) confirm that all versions were unpublished from the npm registry and that the malware steals enviro...
CVE-2017-16045
jquery.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16061
The CVE refers to the npm package named tkinter, described as malware that steals environment variables and exfiltrates them to attacker-controlled locations. All versions have been unpublished from the npm registry. The MITRE-style impact is primarily confidentiality loss, with practical risk th...
CVE-2017-16062
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
MISP cross-site scripting vulnerability (CNVD-2018-06388)
MISP is a suite of open source software solutions for collecting, storing, distributing and sharing cybersecurity metrics and threats cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in the app/View/Events/resolvedattributes.ctp file in MISP. A remote...
CVE-2018-8948
In MISP before 2.4.89, app/View/Events/resolvedattributes.ctp has multiple XSS issues via a malicious MISP module...
Malicious Module
pandora-doomsday and test-module-a are modules which can infect other modules. During installation, the module runs a postinstall script that adds the package's author mr-robot as an owner to every other package owned by the user that ran the npm install method...
Updated perl-Module-Signature packages fix security vulnerabilities
Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey: Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying t...
Mozilla Firefox PKCS11 Module Installation Code Execution
Added: 09/24/2009 CVE: CVE-2009-3076 BID: 36343 OSVDB: 57977 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem The warning dialog displayed when adding or removing security modules via pkcs11.addmodule or pkcs11.deletemodule can be customized by a...
Insufficient warning for PKCS11 module installation and removal — Mozilla
Mozilla security researcher Jesse Ruderman reported that when security modules were added or removed via pkcs11.addmodule or pkcs11.deletemodule, the resulting dialog was not sufficiently informative. Without sufficient warning, an attacker could entice a victim to install a malicious PKCS11 modu...
DEBIAN-CVE-2008-2230
Untrusted search path vulnerability in 1 reportbug 3.8 and 3.31, and 2 reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory...
CVE-2008-2230
Untrusted search path vulnerability in 1 reportbug 3.8 and 3.31, and 2 reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory...
GTK+ 1.2.8 - Arbitrary Loadable Module Execution
GTK+ 1.2.8 - Arbitrary Loadable Module Execution // source: https://www.securityfocus.com/bid/2165/info GTK+ is the Gimp Toolkit, freely available to the public and maintained by the GTK Development Team. A problem exists in the Gimp Toolkit that could allow a user elevated privileges. The proble...