12 matches found
EUVD-2019-3811
Malware in sbrugna...
CVE-2019-12162
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...
Malicious code in node-upwork-oauth2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f042389769855f94f76780b3ab5957fb065f4bcfe1b005db035b50db1806649 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4892 Malicious code in node-upwork-oauth2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f042389769855f94f76780b3ab5957fb065f4bcfe1b005db035b50db1806649 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in upwork-atlas-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef31b105d745aff3f04709c1ee435b5930984fc9925c235afc43c747d1e15c22 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6817 Malicious code in upwork-atlas-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef31b105d745aff3f04709c1ee435b5930984fc9925c235afc43c747d1e15c22 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2019-12162
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...
CVE-2019-12162
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...
Privilege escalation
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...
CVE-2019-12162
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...
CVE-2019-12162
CVE-2019-12162 affects Upwork Time Tracker 5.2.2.716. The issue is that the updater does not verify the SHA256 hash of the downloaded program update before execution, which could allow replacement of update.exe and result in code execution or local privilege escalation. Documents confirm the desc...
Upwork - Get more done - Dangerous filesystem permissions, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Upwork - Get more done published at the 'play' market has multiple vulnerabilities...