10 matches found
Malicious code in python-requirements (PyPI)
Source: kam193 40fa77c47c3649fce85f601f8aa10bf13674e5db4a2d35f125cb48b77d65f99d The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...
VulnCheck KEV: CVE-2025-33053
Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files...
July 12, 2022—KB5015862 (Security-only update)
July 12, 2022—KB5015862 Security-only update Summary Learn more about this security-only update, including improvements, any known issues, and how to get the update. IMPORTANT Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached the end of...
NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution
Summary The BEopt™ Building Energy Optimization Tool software provides capabilities to evaluate residential building designs and identify cost-optimal efficiency packages at various levels of whole-house energy savings along the path to zero net energy. Description BEopt suffers from a DLL...
BlueControl 3.5 SR5 Insecure Library Loading Arbitrary Code Execution
Summary Engineering Tool for West Pro Series of controllers KS20-1, KS92-1, TB40-1, KS800, KS816, Dig280-1, KS vario, CI45, KS45, SG45, TB45, RL400, Pro96, CAL4600. Description BlueControl suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries...
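Microsoft Windows "CreateProcess()" .cmd and .bat Security Bypass Vulnerability
Bugtraq ID: 66619 CVE ID: CVE-2014-0315 Windows is a windowed operating system developed by Microsoft Corporation of the United States. Because the operating system does not properly restrict file paths when handling .bat and .cmd files through the "CreateProcess" method, an attacker can exploit the vulnerability to execute a specially crafted executable, for example by tricking a user into opening an application located on a remote WebDAV or SMB share. 0 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows RT Microsoft Windows RT 8.1 Microsoft Window...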
FFFTP Untrusted Search Path Vulnerability (Windows) - Dec 11
The host is running FFFTP and is prone to untrusted search path vulnerability. OpenVAS Vulnerability Test $Id: secpodffftpuntrustedsearchpathvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ FFFTP Untrusted Search Path Vulnerability Windows - Dec 11 Authors: Madhuri D Copyright: Copyright c 2011 SecPo...
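Microsoft ATL/MFC Trace Tool 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
Bugtraq ID: 42811 CVE ID: CVE-2010-3190 Microsoft Visual Studio is Microsoft's family of development tool suites, a largely complete set of development tools that includes most of the tools needed across the entire software life cycle. The ATL MFC Trace Tool (AtlTraceTool8.exe) used in Microsoft Visual Studio insecurely loads the 'dwmapi.dll' library; an attacker can trick a user into opening a TRC, cu, rs, rc or res file on a remote WebDAV or SMB share, which can load an arbitrary library in the user's security context. Microsoft Visual Studio 2010 0...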
AOL Instant Messenger Insecure Library Loading Vulnerability
A vulnerability has been discovered in AOL Instant Messenger, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. The libraries loaded are as follows: • dwmapi.dll This can be exploit...
WinMerge Insecure Library Loading Vulnerability
A vulnerability has been discovered in WinMerge, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. The libraries loaded are as follows: • mfc71enu.dll • mfc71loc.dll This can be...