
8 matches found

OSSF Malicious Packages
added 2024/12/14 2:15 p.m., 3 views

Malicious code in uchiwa-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 93c81ac91a1060b8f7257839e951572af3ef296d5fecede6f6e9bf69bca76d25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

OSV
added 2024/12/14 2:15 p.m., 7 views

MAL-2024-11842 Malicious code in uchiwa-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 93c81ac91a1060b8f7257839e951572af3ef296d5fecede6f6e9bf69bca76d25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7.2
Exploits: 0, References: 1

OSV
added 2024/10/09 5:6 a.m., 5 views

MAL-2024-9191 Malicious code in uchiwa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b78fb0f3b60891d298b32c03ea935ba7012fa9c434f044309d2107610e14bd2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 2

Snyk
added 2024/10/02 12:28 p.m., 1 views

Malicious Package

Overview uchiwa is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

CVSS: 9.8, AI score: 7
Exploits: 0, References: 2

Snyk
added 2024/10/02 12:28 p.m., 3 views

Malicious Package

Overview uchiwa is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

CVSS: 9.8, AI score: 7
Exploits: 0, References: 2

Veracode
added 2017/05/05 2:39 a.m., 7 views

Clickjacking Attacks

github.com/sensu/uchiwa is vulnerable to clickjacking attacks. The vulnerability exists due to the lack of X-Frame-Options header in the HTTP responses sent by the web server...

AI score: 6.6
Exploits: 0

Veracode
added 2017/05/03 7:36 a.m., 6 views

Insecure Cookies

github.com/sensu/uchiwa doesn't use correctly secured cookies for sensitive information. The SecureFlag is currently not being set in the AuthenticationToken and the XSRF-Token cookies. This allows attackers to observe the cookies as they are sent in plaintext...

AI score: 6.6
Exploits: 0

HackerOne
added 2015/11/22 8:6 a.m., 16 views

Yelp: Access to internal CMS containing private Data

On November 21 2015, @nahamsec reported two Yelp IP addresses that were exposing Uchiwa dashboards on port 8080. In that dashboard, he was also able to find a hardcoded password on a Sensu check that gave him access to a RabbitMQ server running on the same machine. The immediate issue was fixed...

AI score: 0.2
Exploits: 0