88 matches found
CVE-2022-44053
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...
CVE-2022-44053
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...
Code injection
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43082
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43127
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43082
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43127
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...
Democritus Project 代码问题漏洞
Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A code execution vulnerability exists in Democritus Project d8s-networking, which stems from the existence of a potential code execution backdoor inserted by a third party i...
PT-2022-27094 · Pypi · D8S-Networking +2
Name of the Vulnerable Software and Affected Versions: d8s-networking versions 0.1.0 d8s-htm version 0.1.0 Description: The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by...
PT-2022-37390 · Pypi +2 · D8S-Networking +2
Name of the Vulnerable Software and Affected Versions: d8s-networking affected versions not specified d8s-htm version 0.1.0 Description: A potential code-execution backdoor was inserted by a third party into the d8s-networking package for Python, distributed on PyPI. Another affected package is...
PT-2022-37345 · Pypi · D8S-Htm +2
Name of the Vulnerable Software and Affected Versions: d8s-networking affected versions not specified d8s-htm version 0.1.0 Description: A potential code-execution backdoor was inserted by a third party into the d8s-networking package for Python, distributed on PyPI. Another affected package is...
CVE-2022-44053
CVE-2022-44053 affects d8s-networking (Python, PyPI) and its related components, with a backdoor in the third-party democritus-user-agents package. The vulnerability arises from code-execution backdoor present in d8s-networking versions including 0.1.0 (and associated d8s-htm 0.1.0). Impact is de...
d8s-asns (=0.1.0), d8s-domains (=0.1.0) +8 more potentially affected by unknown CVE via democritus-user-agents (=2021.1.2101)
democritus-user-agents PYPI version =2021.1.2101 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-user-agents and may be impacted: - d8s-asns =0.1.0 - d8s-domains =0.1.0 - d8s-html =0.1.0 - d8s-ip-addresses =0.1.0 - d8s-mpeg =0.1.0 -...
Malicious Package
Overview democritus-user-agents is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-user-agents package. References - GitHub...
Ursnif Malware Banks on News Events for Phishing Attacks
Ursnif aka Gozi, Dreambot, ISFB is one of the most widespread banking trojans. It has been observed evolving over the past few years. Ursnif has shown incredible theft capabilities. In 2020 Ursnif rose to prominence becoming one of the top ten most prolific pieces of malware. Among its core...
WordPress Block Bad Bots plugin SQL injection vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Block Bad Bots plugin version 6.88 before the SQL injection vulnerability, the vulnerability stems from the use of SQL...
WordPress plugin Block Bad Bots SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Block Bad Bots plugin version 6.88 before the SQL injection vulnerability, the vulnerability stems from the use of SQL...
Spray365 - Makes Spraying Microsoft Accounts (Office 365 / Azure AD) Easy Through Its Customizable Two-Step Password Spraying Approach
Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts Office 365 / Azure AD. How is Spray365 different from the many other password spraying tools that are already available? Spray365 enables passwords to be sprayed from an "execution plan". While having a...
CVE-2021-44079
In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution...
NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0094)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have...