7612 matches found
Malicious code in fworit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ed926bf3a44788ba5620ba3ef2a3d4bb1bf64dd35797dbfafd5e7c9c991a4f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uworut (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94a75c1d9dba41b228d5979bb4c983eee613e504985724579e7b775e47227cbb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-45177
za-internet C-MOR Video Surveillance versions 5.2401–6.00PL01 are vulnerable to persistent cross-site scripting via the web interface due to inadequate input validation. The PT Security advisory notes this can allow remote script injection. Remediation: apply the patch for 5.2401 and 6.00PL01; up...
ALSA-2024:6356 Important: bubblewrap and flatpak security update
Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...
Malicious code in @diotoborg/aperiam-iste (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8b1e84bd8de9f5a3048435ab58b5bb57df28c17c5ecff7a2ac6de63784c3067 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/consectetur-consequuntur (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9282f643a0e7520d88d082ff71319849893e610b6ac28c0ce0bf1f1bc031ce48 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/illo-amet-architecto (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b73e91c63f416e494f7d9d204af037bb6f58c12d895f9a38c38473e50f2ed94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/consequatur-facilis-qui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dec70184c6ca2f4543784f4ab8cecc957a7692d0e4bbd26cd2d8f0a61812bf51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/rem-eum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f393166e307c466a1627df4c9dd74f6aeb84e03a4a2175049e368b1a90710e66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/nam-voluptates-in (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b1c78d692dd69047016cb20f6be4ee4e759c177708dc8dd7487fd20fa36f3c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/architecto-reprehenderit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e8dd0516a6c5552999774afc0e9a3789cb45e5888eb1648e3d7d92c8ae2db7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/repellendus-est (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 025ad2a4a8a3e55e1596e4acea55c95e0a3acb90c397b7677ff2763ad776c7d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
HTTP Microsoft SQL Injection Table XSS Infection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Microsoft SQL Injection Table XSS Infection', 'Description' = %q This module implements the mass SQL injection attack in use lately by...
Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign
Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control C2 mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeti...
Malicious code in sweet-ruin-immortals-after-dark-16-by-kresley-cole-on-audiobook-full-volumes- (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6ddd212ce30f7b7db65579b6f4be56f10137c104c7ab63553566ccd90a1ff3e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in as-rest-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00a576994460aeca57d9642938bbd4c214c2fc5138f9513388b070cb882fde29 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-4872
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential...
CVE-2024-4872
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential...
The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and group services provided by Apache ZooKeeper, related to exposing confidential information to unauthorized individuals, allows attackers to gain access to confidential information.
The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and providing group services in Apache ZooKeeper is related to the absence of ACL checks during the operation of the persistent observer. Exploiting this vulnerability...
PT-2024-5891 · Unknown · Uefi Firmware
Name of the Vulnerable Software and Affected Versions: UEFI firmware affected versions not specified Description: A vulnerability related to the use of an insecure Platform Key PK has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signe...