9 matches found
MAL-2026-4347 Malicious code in @devcarron/clob (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
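The detection a package-registry reviewer would want for this pattern is a scan of install-time hooks for IPFS indicators. The Python below is an added example, not code from the advisory or from the package: it parses a constructed package.json, follows `node <file>.js` references from the install hooks, and flags CIDv0/CIDv1 strings and public gateway hostnames. The CID is the one quoted in the advisory; the gateway list (Pinata is named above, the others are assumed) and the stand-in clob.js body are constructed for the example.

```python
"""Added example: flag npm packages whose install hooks fetch from IPFS."""
import json
import re

INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# CIDv0 ("Qm" + 44 base58 chars) and CIDv1 base32 ("baf" + 56 or more chars).
CID_RE = re.compile(r"\b(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|baf[a-z2-7]{56,})\b")
# Public gateway hosts. Pinata is named in the advisory; the rest are assumptions.
GATEWAY_RE = re.compile(
    r"gateway\.pinata\.cloud|ipfs\.io|dweb\.link|cloudflare-ipfs\.com", re.I
)
# Local scripts an install hook runs, e.g. "node clob.js" or "node ./clob.js".
LOCAL_JS_RE = re.compile(r"\bnode\s+([\w./-]+\.c?js)")


def scan_package(files):
    """files: mapping of relative path -> text for a package tree (package.json at root).
    Returns a list of (hook, location, indicator) tuples; empty means nothing flagged."""
    pkg = json.loads(files["package.json"])
    findings = []
    for hook, cmd in pkg.get("scripts", {}).items():
        if hook not in INSTALL_HOOKS:
            continue
        # Inspect the hook command itself plus any local script it executes.
        sources = [(hook, cmd)]
        for m in LOCAL_JS_RE.finditer(cmd):
            path = m.group(1).lstrip("./")
            if path in files:
                sources.append((path, files[path]))
        for location, text in sources:
            for cid in CID_RE.findall(text):
                findings.append((hook, location, "cid:" + cid))
            for gw in sorted({g.lower() for g in GATEWAY_RE.findall(text)}):
                findings.append((hook, location, "gateway:" + gw))
    return findings


# Constructed sample tree modelled on the campaign: postinstall runs a dropper
# that resolves a CID through several gateways. The JS body is a stand-in.
SAMPLE_FILES = {
    "package.json": json.dumps({
        "name": "@devcarron/clob",
        "version": "1.0.0",
        "scripts": {"postinstall": "node clob.js", "test": "echo ok"},
    }),
    "clob.js": (
        "const cid='bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa';\n"
        "const gateways=['https://gateway.pinata.cloud/ipfs/'+cid,"
        "'https://ipfs.io/ipfs/'+cid];\n"
        "// fetch the first gateway that answers, write the .exe, add persistence\n"
    ),
}

# Constructed benign package for comparison: no install hooks at all.
CLEAN_FILES = {
    "package.json": json.dumps({"name": "left-pad-ish", "scripts": {"test": "node test.js"}}),
    "test.js": "console.log('ok');\n",
}

if __name__ == "__main__":
    for f in scan_package(SAMPLE_FILES):
        print(*f)
```

Run it over an unpacked tarball by building `files` from the extracted tree; a hit on a postinstall hook is not proof of malice, but a CID or gateway fetched at install time is exactly the signal this campaign's dropper leaves.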
EUVD-2024-16260
Malicious code in bioql PyPI...
CVE-2024-0465
A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument downloadfile leads to path traversal: '../filedir'. The exploit has been disclosed to the...
Command Injection Vulnerability in Schneider Pelco Sarix Pro Camera set Program system.download.sd_file
Pelco Sarix Pro is a video surveillance device from Schneider Electric France. A command injection vulnerability exists in the system.download.sdfile configuration program of the Schneider Pelco Sarix Pro camera, which an attacker can exploit to execute arbitrary commands in the background via an HTTP...
CVE-2018-7235
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sdfile'...
Schneider Electric Pelco Sarix Professional Arbitrary File Download Vulnerability
The Schneider Electric Pelco Sarix Professional is a video surveillance device from Schneider Electric France. A security vulnerability in the Schneider Electric Pelco Sarix Professional using firmware prior to version 3.29.67 exists because the program fails to validate shell metacharacters with...
InterScan Web Security Virtual Appliance local privilege escalation and arbitrary file upload/download vulnerabilities
BUGTRAQ ID: 41072 InterScan Web Security Virtual Appliance is a web filtering product that can be installed on the VMware platform. InterScan Web Security Virtual Appliance does not properly filter the exportname parameter submitted to /servlet/com.trend.iwss.gui.servlet.exportreport or the pkgname parameter submitted to /servlet/com.trend.iwss.gui.servlet.ConfigBackup; a remote attacker can download arbitrary files from the system via directory traversal. InterScan W...
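The download.php path traversal above, the two Trend Micro servlet parameters, and the Pelco system.download.sdfile shell-metacharacter issue all share one root cause: a user-supplied file name is joined to a base path or handed to a shell without validation. The Python below is an added example, not any vendor's code, showing the naive concatenation beside a hardened resolver. It decodes percent-encoding first, allowlists the characters (which also excludes `;`, `|`, `$`, backticks and whitespace, so the value is safe even if a later layer shells out), and checks containment with `commonpath` rather than a string prefix. `BASE_DIR`, the function names and the sample inputs are assumptions for the example.

```python
"""Added example: naive vs hardened handling of a download-file parameter."""
import posixpath
import re
from urllib.parse import unquote

# Hypothetical download root used by the examples below.
BASE_DIR = "/srv/files"

# Allowlist: leading alphanumeric, then letters, digits, '.', '_', '-' and '/'.
# Rejects '..' segments (no leading '.'), absolute paths, and every shell
# metacharacter, so the value cannot be abused even if it reaches a shell.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]{0,127}$")


def naive_download_path(base_dir, user_value):
    """What download.php-style code typically does: concatenate and trust."""
    return posixpath.normpath(base_dir + "/" + user_value)


def resolve_download_path(base_dir, user_value):
    """Return the absolute path to serve, or None if the request is rejected."""
    name = unquote(user_value)          # decode %2e%2e%2f-style encodings first
    if not SAFE_NAME.match(name):
        return None
    full = posixpath.normpath(posixpath.join(base_dir, name))
    # Containment via commonpath: a plain startswith(base_dir) would accept
    # '/srv/files_secret/x' as being under '/srv/files'.
    if posixpath.commonpath([base_dir, full]) != base_dir:
        return None
    return full


if __name__ == "__main__":
    # Constructed inputs: the CVE text's '../filedir', an encoded traversal,
    # a traversal hidden behind a valid first segment, and shell metacharacters.
    for value in ("report.pdf", "../filedir", "..%2F..%2Fetc%2Fpasswd",
                  "a/../../x", "x;id", "x$(id)"):
        print(f"{value!r:28} naive={naive_download_path(BASE_DIR, value)!r:24}"
              f" hardened={resolve_download_path(BASE_DIR, value)!r}")
```

The hardened function still serves nested names such as `sub/report.pdf`; what it refuses is anything that escapes the root after decoding and normalisation, and anything a shell could interpret.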
Cold di novel program marginal (鸡肋) vulnerability - vulnerability warning - Heibai Security Net (黑吧安全网)
While browsing chinaz I noticed this system had close to 30,000 downloads, so I went back and read the code and found a marginal vulnerability. Analysis follows. Looking at the backend login page /admin/login.php: include 'data.php'; if ($_POST['password'] == $password && $_POST['adminname'] == $adminname) setcookie("xCookie", ...
mg2-image.txt
The MG2 Image Gallery system can create online galleries, including password-protected ones. By manipulating the URL of a gallery, you can list all pictures in every gallery, even those inside a password-protected folder. A sample manipulation could be:...