6 matches found
EUVD-2012-3768
Malware in sbrugna...
Malicious code in ase-jreq (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 53d3ded73c297df3a6a010b08188ed7b3fab13570e8d72492803ae3903a49939 If run, the package exfiltrates AWS credentials. Though it's described as test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...
Malicious code in aclient-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 aa9e5d91a1f45bce354edc5b12fcacf603db5e00dc4a48628d3fe5fff37d0eb2 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...
CVE-2012-3821
A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field...
CVE-2012-3820
CVE-2012-3820 affects Arial Software Campaign Enterprise prior to 11.0.551. The vulnerability is multiple SQL injections in Campaign11.exe allowing an attacker to inject SQL via (1) SerialNumber to activate.asp or (2) UID to User-Edit.asp. Connections across sources confirm remote exploitation an...
CVE-2012-3820
Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the 1 SerialNumber field to activate.asp or 2 UID field to User-Edit.asp...