MAL-2025-43038 Malicious code in @zalastax/nolb-_ned (npm)

The package @zalastax/nolb-ned was found to contain malicious code...

Malicious code in @zalastax/nolb-_ned (npm)

The package @zalastax/nolb-ned was found to contain malicious code...

Malicious code in golf-ned-project (npm)

The package golf-ned-project was found to contain malicious code...

MAL-2025-21670 Malicious code in golf-ned-project (npm)

The package golf-ned-project was found to contain malicious code...

CVE-2003-0802

Nokia Electronic Documentation NED 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . dot...

ned-cab.org.uk Open Redirect vulnerability

Open Bug Bounty ID: OBB-1145397 Security Researcher myNickName Helped patch 190 vulnerabilities Received 2 Coordinated Disclosure badges , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting ned-cab.org.uk website and its users. Following...

SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4

Posted by Ned Williamson, 20% on Project Zero Introduction I have a somewhat unique opportunity in this writeup to highlight my experience as an iOS research newcomer. Many high quality iOS kernel exploitation writeups have been published, but those often feature weaker initial primitives combine...

macOS 10.14.3 iOS 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics

macOS 10.14.3 iOS 12.1.3 - Kernel Heap Overflow in PFKEY due to Lack of Bounds Checking when Retrieving Statistics / Inspired by Ned Williamsons's fuzzer I took a look at the netkey code. keygetsastat handles SADBGETSASTAT messages: It allocates a buffer based on the number of SAs there currently...

py-pillow -- Integer overflow in Resample.c

The Pillow maintainers report: If a large value was passed into the new size for an image, it is possible to overflow an int32 value passed into malloc, leading the malloc’d buffer to be undersized. These allocations are followed by a loop that writes out of bounds. This can lead to corruption on...

Nokia Electronic Documentation 5.0 Connection Redirection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8625/info A vulnerability has been discovered in Nokia Electronic Documentation NED that may allow an attacker to redirect connections to a third party system. The problem likely occurs due to the NED server failing to...

OllyDbg 1.10 Local Format String Exploit

No description provided by source. / ..:: jamikazu presents ::.. OllyDbg v110 Local Format String Exploit 0day Author: jamikazu Mail: [email protected] web: http://jamikazu.110mb.com/ Bug discovered by Ned from http://felinemenace.org/ Credit: ap0x,milw0rm...

OllyDbg 1.10 Local Format String Exploit

Exploit for unknown platform in category local exploits ======================================== OllyDbg 1.10 Local Format String Exploit ======================================== / ..:: jamikazu presents ::.. OllyDbg v110 Local Format String Exploit 0day Author: jamikazu Mail: email protected web...

CVE-2003-0801

CVE-2003-0801 – Nokia Electronic Documentation (NED) 5.0 suffers a cross-site scripting (XSS) vulnerability. A remote attacker can cause the application to execute arbitrary web script and steal cookies via a crafted URL to the docs/ directory containing the script. Public references indicate an ...

CVE-2003-0802

Summary (CVE-2003-0802): Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root and the NED server’s physical path by sending a "retrieve" action with a location parameter of ".". The connected documents reiterate the same descripti...

CVE-2003-0803

The CVE-2003-0803 entry concerns Nokia Electronic Documentation (NED) 5.0. The vulnerability allows a remote attacker to abuse NED as an open HTTP proxy by supplying a URL in the location parameter, which NED accesses and returns to the user. This describes a proxy abuse/chainable request issue a...