Malicious code in iobeya-time-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b5b2fd0fb985e16671bbfe20f9b7b2ef8e7a62cc0050b51cea290d85574f75c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
A vulnerability in the composer.phar file of the PHP Composer dependency manager allows an attacker to execute arbitrary commands.
The vulnerability in the composer.phar file of the PHP Composer dependency manager is related to the register_argc_argv function in php.ini. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2024-4197
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1...
CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1...
CVE-2024-4196
CVE-2024-4196 – Avaya IP Office Web Control RPC/RCE issue. The vulnerability stems from improper input validation in the Web Control component of Avaya IP Office, enabling remote code execution via a crafted web request. Affected products: Avaya IP Office (Web Control) prior to version 11.1.3.1. ...
Progress Software WhatsUp Gold Security Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold version 2023.1.3 that...
Progress Software WhatsUp Gold Security Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold version 2023.1.3 that...
Avaya IP Office Security Breach
Avaya IP Office is a small business phone system from Avaya USA. A security vulnerability exists in Avaya IP Office versions prior to 11.1.3.1 that originates from allowing remote command or code execution via the One-X component...
Progress Software WhatsUp Gold Security Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold version 2023.1.3 that...
H3C Magic R230 Security Vulnerability
H3C Magic R230 is a wireless router from China's Xinhua San H3C. A security vulnerability exists in the H3C Magic R230 V100R002 version, which originates from the udpserver opening port 9034 allowing an attacker to execute arbitrary commands...
Exploit for OS Command Injection in Dolibarr Dolibarr_Erp/Crm
CVE-2023-30253 CVE-2023-30253 PoC Description This is my Po...
A vulnerability in ASUS routers, related to the unrestricted upload of dangerous files, allows attackers to execute arbitrary commands.
The vulnerability in ASUS routers is related to the unrestricted upload of malicious files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the PT Network Attack Discovery (PT NAD) traffic analysis system arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands on behalf of the superuser.
The vulnerability of the PT Network Attack Discovery (PT NAD) traffic analysis system exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on behalf of the superuser...
GeoVision EOL Operating System Command Injection Vulnerability
GeoVision EOL is a series of surveillance devices from GeoVision Japan. The GeoVision EOL suffers from an operating system command injection vulnerability that stems from an inability to properly filter user input. A remote attacker could exploit this vulnerability to inject and execute arbitrary...
Updated atril packages fix security vulnerability
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...
MGASA-2024-0224 Updated atril packages fix security vulnerability
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...
RLSA-2024:3264 Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...
pcp security update
An update is available for pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...
Exploit for Deserialization of Untrusted Data in Apache Dubbo
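Apache ActiveMQ remote command execution vulnerability. Affected versions: 5.18.0=Apache ActiveMQ5.18.3, 5.17.0=Apache ActiveMQ5.17.6, 5.16.0=Apache ActiveMQ5.16.7, 5.15.0=Apache ActiveMQ5.15.15. Exploitation: ActiveMQ's deserialization vulnerability can be used to execute arbitrary commands. Reproduction with command output echoed back: Vulnerability scripts: https://github.com/Fw-fW-fw/activemqThrowable, https://github.com/sincere9/Apache-ActiveMQ-RCE Apach...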
CVE-2024-27174 insecure upload
Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and is difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this...