Malicious code in metronome-utils (npm)

The package metronome-utils was found to contain malicious code...

MAL-2025-48501 Malicious code in metronome-utils (npm)

The package metronome-utils was found to contain malicious code...

EUVD-2014-2770

Malware in sbrugna...

MAL-2023-7988 Malicious code in metronome-synth-info-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e99092c601ede7db26a42e21544d65cff430ba4d36d1a76232973801b8d3fec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in metronome-synth-info-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e99092c601ede7db26a42e21544d65cff430ba4d36d1a76232973801b8d3fec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-7962 Malicious code in metronome-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0cf76f2b5ff445af25432d07cf047463c3b04b7e3b4fdc49b24b3521f7748b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in metronome-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0cf76f2b5ff445af25432d07cf047463c3b04b7e3b4fdc49b24b3521f7748b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

async-metronome (=0.2.0), bach (>=0.0.1 <=0.0.2) +18 more potentially affected by CVE-2020-35926 via nanorand (=0.4.4)

nanorand CARGO version =0.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on nanorand and may be impacted: - async-metronome =0.2.0 - bach =0.0.1, =0.8.6, =0.1.0, =0.1.0, =0.4.3, =0.1.0, =0.0.1, =0.1.3, =0.1.4 - rune-cli =0.7.0 and more Source cves:...

MixPad v4.40 - Unicode Buffer Overflow Exploit

!/usr/bin/python Exploit Author: Gionathan "John" Reale Exploit Title: NCH Software MixPad v4.40 - Unicode Buffer Overflow Date: 2018-12-12 Vulnerable Software: NCH Software MixPad Vendor Homepage: http://www.nch.com.au/ Version: v4.40-v4.10 Tested On: Windows 7 PoC: generate crash.txt, options,...

MixPad 5.00 Buffer Overflow

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: NCH Software MixPad v5.00 - Unicode Buffer Overflow Date: 21-01-2017 Vulnerable Software: NCH Software MixPad Vendor Homepage: http://www.nch.com.au/mixpad Version: v5.00 Software Link: http://www.nch.com.au/mixpad/mpsetup.exe...

MixPad 5.00 - Buffer Overflow

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: NCH Software MixPad v5.00 - Unicode Buffer Overflow Date: 21-01-2017 Vulnerable Software: NCH Software MixPad Vendor Homepage: http://www.nch.com.au/mixpad Version: v5.00 Software Link: http://www.nch.com.au/mixpad/mpsetup.exe...

Metronome Beats - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Metronome Beats published at the 'play' market has multiple vulnerabilities...

CVE-2014-2744

plugins/modcompression.lua in 1 Prosody before 0.9.4 and 2 Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service resource consumption via compressed XML elements in an XMPP stream, aka an...

CVE-2014-2743

plugins/modcompression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

CVE-2014-2744

plugins/modcompression.lua in 1 Prosody before 0.9.4 and 2 Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service resource consumption via compressed XML elements in an XMPP stream, aka an...

Code injection

plugins/modcompression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

CVE-2014-2743

plugins/modcompression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

CVE-2014-2744

CVE-2014-2744 affects Prosody (Lua XMPP server) before 0.9.4 and Lightwitch Metronome through 3.4. The vulnerability arises when stream compression is negotiated during an unauthenticated session, allowing a remote attacker to cause a denial of service via highly compressed XML elements in an XMP...

CVE-2014-2744

plugins/modcompression.lua in 1 Prosody before 0.9.4 and 2 Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service resource consumption via compressed XML elements in an XMPP stream, aka an...

CVE-2014-2743

Lightwitch Metronome up to version 3.4 is affected by a flaw in plugins/mod_compression.lua that does not properly restrict processing of compressed XML elements. This enables remote attackers to cause denial of service by sending a crafted XMPP stream (an “xmppbomb” attack), compromising availab...