26 matches found

OSV
added 2026/05/20 12:36 p.m. · 4 views

MAL-2026-4551 Malicious code in encrata-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e98813f52fa8e9fc3c04bffd023445dbfed4a9b405d1e3f85511673f5e86dce7 package.json declares "postinstall": "node install.js", which runs at install time. install.js requires both child_process and https, branches on...

5.8 AI score
Exploits: 0 · References: 2
OSSF Malicious Packages
added 2026/04/06 9:23 a.m. · 4 views

Malicious code in nerite-security-audit (npm)

Collects and exfiltrates sensitive data (env vars, SSH keys, keystores, history) via HTTPS and DNS. Suspicious domain and disabled SSL validation. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87776a4e480d244c862e76238cd498aa49bd919403dad6de21a85326d6b451ed The...

5.9 AI score
Exploits: 0 · References: 1
Metasploit
added 2026/04/02 7:2 p.m. · 162 views

HTTPS Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options...

5.9 AI score
Exploits: 0
CVE
added 2026/02/05 4:13 p.m. · 7 views

CVE-2020-37139

CVE-2020-37139 affects Odin Secure FTP Expert 7.6.3. The issue is a local denial-of-service vulnerability caused by a buffer overflow triggered by pasting 108 bytes of repeated characters into site information/connection fields, which crashes the application. Multiple connected sources corroborat...

8.4 CVSS · 5.7 AI score · 0.00006 EPSS
Exploits: 0 · References: 3
OpenVAS
added 2025/09/23 12:0 a.m. · 1 views

Do Not Enable the TFTP Service

Trivial File Transfer Protocol (TFTP) is used for file transfer between a Linux server and other servers, desktop systems, as well as terminal devices. TFTP does not support authentication and encryption mechanisms. Data tends to be forged, tampered with, or stolen by attackers during communication...

7.2 AI score
Exploits: 0 · References: 1
NVD
added 2025/08/21 9:15 p.m. · 5 views

CVE-2010-20007

Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long filename, the application fails to properly...

8.5 CVSS · 0.16281 EPSS
Exploits: 0 · References: 6
Cvelist
added 2025/08/21 8:13 p.m. · 8 views

CVE-2010-20007 Seagull FTP v3.3 Build 409 Stack Buffer Overflow

Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long filename, the application fails to properly...

8.5 CVSS · 0.16281 EPSS
Exploits: 0 · References: 6
Vulnrichment
added 2025/08/20 3:38 p.m. · 3 views

CVE-2010-10014 Odin Secure FTP <= 4.1 Stack Buffer Overflow via LIST Response

Odin Secure FTP <= 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filename in the directory listing, which overflows a fixed-size stack buffer in the client and overwrite...

8.7 CVSS · 7.8 AI score · 0.63749 EPSS
Exploits: 0 · References: 5
OSV
added 2025/08/12 7:35 a.m. · 1 views

SUSE-SU-2025:02755-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file (bsc#1245310). - CVE-2025-5318: Fixed likely read beyond bounds in sftp server...

8.1 CVSS · 7.1 AI score · 0.002 EPSS
Exploits: 0 · References: 7
CNVD
added 2025/06/11 12:0 a.m. · 2 views

Apache InLong Deserialization Vulnerability (CNVD-2025-12411)

Apache InLong is a one-stop massive data integration framework from the Apache Foundation (U.S.) that provides automated, secure and reliable data transfer capabilities. Apache InLong versions 1.13.0 to 2.1.0 have a deserialization vulnerability; the vulnerability stems from the application in the...

6.5 CVSS · 7 AI score · 0.00395 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/05/23 12:0 a.m. · 4 views

PT-2025-22800 · Unknown · Sipass Integrated Ac5102 +1

Name of the Vulnerable Software and Affected Versions: SiPass integrated AC5102 (ACC-G2): all versions; SiPass integrated ACC-AP: all versions. Description: A vulnerability has been identified where affected devices do not properly check the integrity of firmware updates. This could allow a local...

8.2 CVSS · 6.6 AI score · 0.00067 EPSS
Exploits: 0 · References: 4
CNNVD
added 2023/10/16 12:0 a.m. · 2 views

South River Technologies Titan MFT and Titan SFTP Path Traversal Vulnerabilities

South River Technologies Titan MFT and South River Technologies Titan SFTP are both products of South River Technologies. South River Technologies Titan MFT is a popular file transfer solution for managing and encrypting file transfers. South River Technologies Titan SFTP is a solution for A securi...

9.1 CVSS · 6.8 AI score · 0.00371 EPSS
Exploits: 3 · References: 3
OSV
added 2023/05/22 8:15 p.m. · 2 views

CVE-2023-31193

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation...

7.5 CVSS · 7.1 AI score
Exploits: 0 · References: 2
Code423n4
added 2022/09/19 12:0 a.m. · 10 views

[NAZ-M3] Use safeTransfer()/safeTransferFrom() instead of transfer()/transferFrom()

Lines of code. Vulnerability details. Impact: It is a good idea to add a require statement that checks the return value of ERC20 token transfers or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so wil...

6.7 AI score
Exploits: 0
OSV
added 2022/08/05 4:52 p.m. · 17 views

GSD-2022-1004952 Logging of sensitive information in Wallet version Current version and possibly previous versions

In Slope Wallet, the current version and possibly previous versions log sensitive information, including seed phrases. This can be attacked via access to the logging data which is reportedly sent in clear text across the Internet and the logging server...

6.8 AI score
Exploits: 0 · References: 7
OpenVAS
added 2022/07/31 12:0 a.m. · 7 views

Fedora: Security Advisory for golang-github-schollz-croc (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 · References: 2
Fedora
added 2022/07/30 2:0 a.m. · 14 views

[SECURITY] Fedora 36 Update: golang-github-schollz-croc-9.5.2-2.fc36

croc is a tool that allows any two computers to simply and securely transfer files and folders...

2.8 AI score
Exploits: 0
Code423n4
added 2022/07/02 12:0 a.m. · 6 views

Contract TresureDelegate.sol could be destructed

Lines of code. Vulnerability details. Impact: The contract simply could be destructed by anyone. Proof of Concept: The question is how?! Imagine, that the recipient account has a fallback function with a selfdestruct in it. ./attack.sol contract attack fallback external payable...

6.7 AI score
Exploits: 0
OSV
added 2022/05/25 9:15 p.m. · 1 views

CVE-2022-26067

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this...

7.5 CVSS · 7.2 AI score
Exploits: 0 · References: 1
OSV
added 2022/05/25 9:15 p.m. · 2 views

CVE-2022-26082

A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

9.8 CVSS · 7.6 AI score
Exploits: 0 · References: 1