Malicious code in @zalastax/nolb-omu (npm)

The package @zalastax/nolb-omu was found to contain malicious code...

MAL-2025-12824 Malicious code in @zalastax/nolb-omu (npm)

The package @zalastax/nolb-omu was found to contain malicious code...

CVE-2015-8334

SQL injection vulnerability in the Operation and Maintenance Unit OMU in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request...

CVE-2015-8333

The Operation and Maintenance Unit OMU in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets...

CVE-2015-8331

The Operation and Maintenance Unit OMU in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID...

Design/Logic Flaw

The Operation and Maintenance Unit OMU in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets...

CVE-2015-8333

The Operation and Maintenance Unit OMU in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets...

CVE-2015-8331

The Operation and Maintenance Unit OMU in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID...

CVE-2015-8333

The CVE-2015-8333 issue affects Huawei VCN500: the Operation and Maintenance Unit (OMU) before V100R002C00SPC200 allows remote authenticated users to change the media server IP address via crafted packets due to improper user privileges. The Huawei security advisory HWPSIRT-2015-07045 notes this ...

CVE-2015-8331

CVE-2015-8331 affects Huawei VCN500’s OMU prior to V100R002C00SPC200, where the session ID is not properly invalidated after an abnormal exit. This allows remote attackers to perform replay attacks by resubmitting a valid session identifier. Impact is described as unauthorized access via the repl...

Huawei VCN500 SQL注入漏洞

华为VCN500（Video Cloud Node）视频云节点产品中OMU模块对收到的HTTP请求消息没有做参数校验，攻击者可发送手工构造的报文对系统发起SQL注入攻击。攻击者可以利用该漏洞获取VCN500中的用户数据或进行非法操作。 技术细节 1. 前提条件： 攻击者可以以合法用户身份登录VCN500。 2. 攻击步骤： 攻击者构造特殊的HTTP请求报文发送给VCN500的OMU模块。...

Security Advisory - Improper User Privileges Vulnerability in VCN500

The operation and maintenance unit OMU of Huawei VCN500 Video Cloud Node does not configure user privileges properly. By exploiting this vulnerability, ordinary users can modify the IP address of the media server in system management by sending specially crafted packets to the OMU interface,...