14 matches found
Malicious Package
Overview: transform-dev is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior: The packag...
EUVD-2019-15012
Malware in sbrugna...
EUVD-2022-48307
Malicious code in bioql PyPI...
APT Package Manager Persistence
This module will run a payload when the APT package manager is used. This module creates a pre-invoke hook for APT in apt.conf.d. Write access to the apt.conf.d directory is required, typically requiring root access. The hook name is randomized if not specified. Verified on Ubuntu 22.04 Module...
Jenkins Plugin NodeJS Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2022-3280 · Unknown +1 · Ldap Account Manager +1
Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 8.0 Description: The issue is related to the lack of protection for confidential information in the LDAP Account Manager web application. Exploitation of this issue may allow an attacker to obtain LDAP...
AutomatedLab - A Provisioning Solution And Framework That Lets You Deploy Complex Labs On HyperV And Azure With Simple PowerShell Scripts
AutomatedLab (AL) enables you to set up test and lab environments on Hyper-V or Azure with multiple products or just a single VM in a very short time. There are only two requirements you need to make sure: You need the DVD ISO images and a Hyper-V host or an Azure subscription. Requirements Apart fr...
MGASA-2021-0231 Updated dnsmasq packages fix a security vulnerability
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ...
Security Bulletin: Vulnerabilities in IBM SDK for Node.js affect IBM Business Process Manager Configuration Editor (CVE-2015-8027, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)
Summary: Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details: CVEID: CVE-2015-8027 DESCRIPTION: An unspecified vulnerability ...
Security Bulletin: Vulnerabilities in IBM SDK for Node.js affect IBM Business Process Manager Configuration Editor (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)
Summary: OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js is used by IBM Business Process Manager...
F5 Networks BIG-IP : list.jsp XSS vulnerability (SOL15296)
A cross-site scripting (XSS) vulnerability exists in list.jsp for the BIG-IP and Enterprise Manager Configuration utilities. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution SOL15296. The text description of this...
SchoolMation 2.3 - SQLi and XSS Vulnerability
No description provided by source. SchoolMation Version 2.3 SQLi and XSS Vulnerability ...
SOL15296 - list.jsp XSS vulnerability CVE-2014-3959
A cross-site scripting (XSS) vulnerability exists in list.jsp for the BIG-IP and Enterprise Manager Configuration utilities. CVE-2014-3959...
SchoolMation Version 2.3 SQLi and XSS Vulnerability
Exploit for php platform in category web applications. SchoolMation Version 2.3 SQLi and XSS Vulnerability ...