Lucene search
+L

155 matches found

OSV
OSV
added 2020/09/01 7:43 p.m.14 views

GHSA-QMXF-FXQ7-W59F Malicious Package in angular-material-sidenav-rnd

Version 0.1.1 of angular-material-sidenav-rnd contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.1.1 of this module is found...

9.8CVSS7.1AI score
Exploits0References4
Veracode
Veracode
added 2019/10/03 2:49 a.m.9 views

Malicious Package

json-serializer is a malicious package. The malicious code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

1.2AI score
Exploits0
Node.js
Node.js
added 2019/08/07 4:58 p.m.10 views

Malicious Package

Overview Version 1.1.3 of pensi-scheduler contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's...

7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/08/05 10:7 p.m.13 views

Malicious Package

Overview Version 1.0.2 of uploader-plugin contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's...

7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/06/07 8:22 p.m.16 views

Malicious Package

Overview Version 1.1.5 of ngx-pica contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...

7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/06/07 7:26 p.m.16 views

Malicious Package

Overview Version 1.0.2 of radic-util contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...

7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/06/07 7:5 p.m.14 views

Malicious Package

Overview Version 0.1.1 of grunt-radic contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...

7AI score
Exploits0Affected Software1
0day.today
0day.today
added 2019/04/01 12:0 a.m.108 views

WordPress Ultimate Member 2.0.38 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Ultimate Member Plugin 2.0.38 CSRF Discovered By: Georg Knabl Vendor Website: https://ultimatemember.com/ Software Link: https://wordpress.org/plugins/ultimate-member/ Software Download URL :...

0.01816EPSS
Exploits3
myhack58
myhack58
added 2018/06/25 12:0 a.m.24 views

See how I dig in and successfully exploited India's Popular Sports company web site Host header SQL injection vulnerability-vulnerability warning-the black bar safety net

Today I want to share one I'm doing bugbounty project, discovered a very interesting vulnerability, and this vulnerability appeared in India, a popular sports company website. This article is about“how do I use the host header to find out theSQL injectionvulnerabilities, and the use of sqlmap...

6.7AI score
Exploits0
Node.js
Node.js
added 2018/05/15 11:42 p.m.16 views

Malicious Package

Overview Version 1.0.2 of oauth-validator contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.2 of this module is found...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/05/15 11:26 p.m.16 views

Malicious Package

Overview Version 0.0.4 of dossier contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.4 of this module is found installed you...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/05/15 11:17 p.m.19 views

Malicious Package

Overview Version 0.3.1 of codify contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.3.1 of this module is found installed you...

6.9AI score
Exploits0Affected Software1
Kitploit
Kitploit
added 2016/07/07 11:26 p.m.36 views

Mimikittenz - Post-Exploitation Powershell Tool for Extracting Juicy info from Memory

mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory in order to extract plain-text passwords from various target processes. mimikittenz can also easily extract other kinds of juicy info from target processes using regex patterns including but no...

6.9AI score
Exploits0References1
n0where
n0where
added 2016/07/06 4:46 p.m.65 views

Post Exploitation Powershell Tool: mimikittenz

Post Exploitation Powershell Tool mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory in order to extract plain-text passwords from various target processes. mimikittenz can also easily extract other kinds of juicy info from target processes usi...

2.1AI score
Exploits0References1
Exploit DB
Exploit DB
added 1997/07/16 12:0 a.m.36 views

Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability

Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability. Local exploit for windows platform source: http://www.securityfocus.com/bid/231/info The HKeyLocalMachine\SECURITY\Policy\Secrets\ key contains obfuscated data for various system services/resources. Clear-text usernames a...

7.3AI score
Exploits0
Rows per page
Query Builder