Malicious code in uri-parse (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@antv/dumi-theme-antv (>=0.3.0 <=0.8.4), @hjkl6/dumi-theme-antv (>=0.5.6 <=0.5.9) +3 more potentially affected by unknown CVE via uri-parse (=1.0.0)

uri-parse NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on uri-parse and may be impacted: - @antv/dumi-theme-antv =0.3.0, =0.5.6, =0.0.1, =0.1.1, =0.1.0, =0.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-URIPARSE-16754451...

The vulnerability of the URI_FUNC() function in the UriParse.c component of the UriParser parser allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the URIFUNC function in the UriParse.c component of the UriParser parser is related to reading data beyond the allowable buffer size limits. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service...

PT-2022-16831 · Uri.Js · Uri.Js

Name of the Vulnerable Software and Affected Versions: URI.js versions prior to 1.19.9 Description: The issue arises from whitespace characters not being removed from the beginning of the protocol, resulting in improper URL parsing. This can cause protocol validation mechanisms to fail. The probl...

YesWiki 0.2 - &#039;squelette&#039; Directory Traversal

Exploit Title: YESWIKI 0.2 - Path Traversal Date: 2015-09-02 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: http://yeswiki.net Software Link: https://github.com/YesWiki/yeswiki Version: yeswiki 0.2 Tested on: Debian Wheezy CVE : none...

LoveCMS 1.6.2 Final Update Settings Remote Exploit

Exploit for unknown platform in category web applications ================================================== LoveCMS 1.6.2 Final Update Settings Remote Exploit ================================================== !/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- LoveCMS Exploit Series...

LoveCMS 1.6.2 Final - Remote Code Execution

!/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- pomdapimpatgmaildotcom LoveCMS Exploit Series Episode 1: adding a side block Description: add some php into a block container on the side of the site. phpinfo is called. Usage: ./LoveCMS1blocks.rb Ex: ./LoveCMS1blocks.rb...