Lucene search
K

88 matches found

NVD
NVD
added 2022/11/07 3:15 p.m.22 views

CVE-2022-44053

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...

9.8CVSS0.00923EPSS
Exploits0References3
OSV
OSV
added 2022/11/07 3:15 p.m.2 views

CVE-2022-44053

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...

9.8CVSS6.2AI score0.00923EPSS
Exploits0References3
Prion
Prion
added 2022/11/07 3:15 p.m.17 views

Code injection

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...

7.5CVSS9.6AI score0.00923EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/11/07 3:15 p.m.3 views

PYSEC-2022-43082

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...

9.8CVSS6.3AI score
Exploits0References3
PyPA
PyPA
added 2022/11/07 3:15 p.m.5 views

PYSEC-2022-43127

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...

9.8CVSS7.6AI score0.00923EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2022/11/07 3:15 p.m.8 views

PYSEC-2022-43082

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...

9.8CVSS7.6AI score0.00923EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/11/07 3:15 p.m.4 views

PYSEC-2022-43127

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...

9.8CVSS7.7AI score
Exploits0References3
CNNVD
CNNVD
added 2022/11/07 12:0 a.m.4 views

Democritus Project 代码问题漏洞

Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A code execution vulnerability exists in Democritus Project d8s-networking, which stems from the existence of a potential code execution backdoor inserted by a third party i...

9.8CVSS8AI score0.00923EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.5 views

PT-2022-27094 · Pypi · D8S-Networking +2

Name of the Vulnerable Software and Affected Versions: d8s-networking versions 0.1.0 d8s-htm version 0.1.0 Description: The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by...

9.8CVSS9.6AI score0.00923EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.5 views

PT-2022-37390 · Pypi +2 · D8S-Networking +2

Name of the Vulnerable Software and Affected Versions: d8s-networking affected versions not specified d8s-htm version 0.1.0 Description: A potential code-execution backdoor was inserted by a third party into the d8s-networking package for Python, distributed on PyPI. Another affected package is...

9.8CVSS7.5AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.3 views

PT-2022-37345 · Pypi · D8S-Htm +2

Name of the Vulnerable Software and Affected Versions: d8s-networking affected versions not specified d8s-htm version 0.1.0 Description: A potential code-execution backdoor was inserted by a third party into the d8s-networking package for Python, distributed on PyPI. Another affected package is...

9.8CVSS7.5AI score
Exploits0References4
CVE
CVE
added 2022/11/07 12:0 a.m.50 views

CVE-2022-44053

CVE-2022-44053 affects d8s-networking (Python, PyPI) and its related components, with a backdoor in the third-party democritus-user-agents package. The vulnerability arises from code-execution backdoor present in d8s-networking versions including 0.1.0 (and associated d8s-htm 0.1.0). Impact is de...

9.8CVSS9.6AI score0.00923EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2022/09/19 3:15 p.m.3 views

d8s-asns (=0.1.0), d8s-domains (=0.1.0) +8 more potentially affected by unknown CVE via democritus-user-agents (=2021.1.2101)

democritus-user-agents PYPI version =2021.1.2101 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-user-agents and may be impacted: - d8s-asns =0.1.0 - d8s-domains =0.1.0 - d8s-html =0.1.0 - d8s-ip-addresses =0.1.0 - d8s-mpeg =0.1.0 -...

5.8AI score
Exploits0
Snyk
Snyk
added 2022/09/19 3:15 p.m.3 views

Malicious Package

Overview democritus-user-agents is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-user-agents package. References - GitHub...

9.8CVSS6.9AI score
Exploits0References3
Qualys Blog
Qualys Blog
added 2022/05/09 4:40 a.m.34 views

Ursnif Malware Banks on News Events for Phishing Attacks

Ursnif aka Gozi, Dreambot, ISFB is one of the most widespread banking trojans. It has been observed evolving over the past few years. Ursnif has shown incredible theft capabilities. In 2020 Ursnif rose to prominence becoming one of the top ten most prolific pieces of malware. Among its core...

0.6AI score
Exploits0
CNVD
CNVD
added 2022/03/30 12:0 a.m.14 views

WordPress Block Bad Bots plugin SQL injection vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Block Bad Bots plugin version 6.88 before the SQL injection vulnerability, the vulnerability stems from the use of SQL...

9.8CVSS2.3AI score0.01583EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/03/28 12:0 a.m.4 views

WordPress plugin Block Bad Bots SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Block Bad Bots plugin version 6.88 before the SQL injection vulnerability, the vulnerability stems from the use of SQL...

9.8CVSS6AI score0.01583EPSS
Exploits2References2
Kitploit
Kitploit
added 2021/12/24 8:30 p.m.20 views

Spray365 - Makes Spraying Microsoft Accounts (Office 365 / Azure AD) Easy Through Its Customizable Two-Step Password Spraying Approach

Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts Office 365 / Azure AD. How is Spray365 different from the many other password spraying tools that are already available? Spray365 enables passwords to be sprayed from an "execution plan". While having a...

7.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/11/22 7:15 a.m.3 views

CVE-2021-44079

In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution...

9.8CVSS7.6AI score0.03288EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/10/27 12:0 a.m.226 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0094)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have...

8.8CVSS7.7AI score0.01556EPSS
Exploits1References21
Rows per page
Query Builder