5 matches found
Malicious code in duckc2-v5.3.5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 375fe67ac59d8abd545809431db7b3e818c78cd1e2d0798eaff2cad2f48069ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9229 Malicious code in duckc2-v5.3.5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 375fe67ac59d8abd545809431db7b3e818c78cd1e2d0798eaff2cad2f48069ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Command injection
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi aka Show AP info because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSyn...
CVE-2010-5330
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi aka Show AP info because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSyn...
CVE-2010-5330
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi aka Show AP info because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSyn...