13 matches found
Malicious code in search-connector-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24aea8e5a7338c49dc96e3945ed4d695024c2e169f560e6f3426005ca4666ea4 package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identity hostname, username, homedi...
CVE-2024-44722
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...
CVE-2024-44722
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...
CVE-2019-25333 Bullwark Momentum Series JAWS 1.0 - 'Momentum Series JAWS' Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit the vulnerability by sending crafted GET requests with multiple '../' sequences to read sensitive...
CVE-2021-28149
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out with a web...
EUVD-2025-14164
Malicious code in bioql PyPI...
PT-2025-32307
Name of the Vulnerable Software and Affected Versions Operator-SDK versions prior to 0.15.2 Description Early versions of Operator-SDK included an insecure method for operator containers to run in environments utilizing a random UID. A script, user setup, modified the permissions of the /etc/pass...
PT-2025-20554
Name of the Vulnerable Software and Affected Versions OpenShift Mirror Registry affected versions not specified Description A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the /etc/passwd file. This flaw allo...
PT-2024-30674 · Kieback & Peter · Kieback & Peter'S Ddc4000 Series
Name of the Vulnerable Software and Affected Versions: Kieback & Peter's DDC4000 series affected versions not specified Description: The issue is related to insufficiently protected credentials, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of...
CVE-2024-28753
RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request...
CVE-2020-8009
AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file...
Bullwark Momentum Series JAWS 1.0 - Directory Traversal
Title: Bullwark Momentum Series JAWS 1.0 - Directory Traversal Date: 2019-12-11 Author: Numan Türle Vendor Homepage: http://www.bullwark.net/ Version : Bullwark Momentum Series Web Server JAWS/1.0 Software Link : http://www.bullwark.net/Kategoriler.aspx?KategoriID=24 POC --------- GET...
SGI IRIX 5.3 - 'Cadmin' Local Privilege Escalation
source: https://www.securityfocus.com/bid/335/info A vulnerability exists in the chost and cimport programs, as shipped with SGI's Irix 5.x operating system. chost is part of the Cadmin package. By failing to validate the real userid, these programs allow any user to edit protected files, such as...