Malicious code in veteran (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70a20dd9f8d6a9df01d766c25693711d90e4303e3c68fa371f0b842f83c485b4 On npm install, the package's postinstall hook install.js, registered via package.json line 10 "postinstall": "node install.js" downloads a...

Huawei Manageone 输入验证错误漏洞

Huawei Manageone is a cloud data center management solution from Huawei of China. huawei ManageOne is vulnerable due to a lack of checksum when the program uses certain parameters from external files. An attacker could use the vulnerability to construct a malicious file to achieve elevation of...

Mitochrome upgrade process has an arbitrary file download vulnerability

Meitu Xiu Xiu is a photo manipulation software. Mito Xiu Xiu in the upgrade process exists arbitrary file download vulnerability, due to the program in the update process does not use any encryption algorithms, the query domain name does not exist any checksum mechanism, the new version of the...

Beijing Joyful Growth Technology Co., Ltd. new growth APP there are arbitrary cell phone number registration vulnerability

New Growth APP is an application to record the growth of parents and children developed by Beijing Joyful Growth Technology Co. Ltd. There is an arbitrary cell phone number registration vulnerability in the New Growth APP. Due to the small number of verification code digits and the lack of checks...