
19 matches found

OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-36465 Malicious code in test-mlw2-toged-vapid (npm)

The package test-mlw2-toged-vapid was found to contain malicious code...

AI score 7.2
Exploits 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 1 views

Malicious code in test-mlw2-toged-vapid (npm)

The package test-mlw2-toged-vapid was found to contain malicious code...

AI score 7
Exploits 0
RedhatCVE
added 2025/05/23 4:58 a.m. | 4 views

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVSS 4.3 | AI score 6 | EPSS 0.00128
Exploits 0 | References 1
SUSE CVE
added 2023/12/23 2:42 a.m. | 1 views

SUSE CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVSS 4.3 | AI score 8.3 | EPSS 0.00128
Exploits 0 | References 4
Tenable Nessus
added 2023/12/21 12:0 a.m. | 38 views

Fedora 39 : firefox / nss (2023-9de52d46bd)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-9de52d46bd advisory. Update NSS to 3.95 Update Firefox to 121.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

CVSS 8.8 | AI score 7.4 | EPSS 0.10471
Exploits 1 | References 19
AlpineLinux
added 2023/12/19 2:15 p.m. | 27 views

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVSS 4.3 | AI score 6.3 | EPSS 0.00128
Exploits 0
NVD
added 2023/12/19 2:15 p.m. | 15 views

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVSS 4.3 | EPSS 0.00128
Exploits 0 | References 3
UbuntuCve
added 2023/12/19 2:15 p.m. | 31 views

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVSS 4.3 | AI score 6.8 | EPSS 0.00128
Exploits 0 | References 4
Prion
added 2023/12/19 2:15 p.m. | 17 views

Design/Logic Flaw

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVSS 4.3 | AI score 6.2 | EPSS 0.00128
Exploits 0 | References 3 | Affected Software 1
OSV
added 2023/12/19 2:15 p.m. | 0 views

UBUNTU-CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVSS 4.3 | AI score 6.5 | EPSS 0.00128
Exploits 0 | References 5
Cvelist
added 2023/12/19 1:38 p.m. | 25 views

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

AI score 5.7 | EPSS 0.00128
Exploits 0 | References 3
CVE
added 2023/12/19 1:38 p.m. | 91 views

CVE-2023-6868

CVE-2023-6868 affects Mozilla Firefox on Android. The issue allows a user-agent to send push requests without a valid VAPID even when the push subscription defines one, enabling empty messages to be sent by unauthorized parties. Impact is limited to Firefox

CVSS 4.3 | AI score 4.5 | EPSS 0.00128
Exploits 0 | References 3 | Affected Software 1
Debian CVE
added 2023/12/19 1:38 p.m. | 25 views

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVSS 4.3 | AI score 6.9 | EPSS 0.00128
Exploits 0
canvas
added 2018/10/11 3:29 p.m. | 603 views

Immunity Canvas: JQUERY_FILE_UPLOAD

Name | jqueryfileupload
---|---
CVE | CVE-2018-9206
Exploit Pack | CANVAS
Description | Blueimp jQuery-File-Upload Arbitrary Upload
Notes | CVE Name: CVE-2018-9206 VENDOR: Notes: The exploit tests different paths on the target server Repeatability: Infinite References:...

CVSS 7.5 | AI score 9.6 | EPSS 0.93778
Exploits 15
WPVulnDB
added 2015/07/03 12:0 a.m. | 18 views

Swim Team <= v1.44.10777 - Local File Inclusion

The code in ./wp-swimteam/include/user/download.php doesn't sanitize user input from downloading sensitive system files. PoC $ curl "http://www.vapidlabs.com/wp-content/plugins/wp-swimteam/include/user/download.php?file=/etc/passwd=/etc/passwd=text/html=1=/usr/share/wordpress"...

CVSS 5 | EPSS 0.54004
Exploits 2 | References 3 | Affected Software 1
0day.today
added 2013/10/04 12:0 a.m. | 26 views

Ice Cold Apps Servers Ultimate 6.0.2(12) Remote Command Execution

Ice Cold Apps Servers Ultimate version 6.0.212 for Android has no credentials by default and authentication is disabled for telnet/ssh/ftp, allowing remote access to the device's storage. Multiple vulnerabilities in Ice Cold Apps Servers Ultimate Version 6.0.212 for Android 9/8/13 Larry W...

AI score 7.3
Exploits 0
0day.today
added 2013/04/11 12:0 a.m. | 22 views

Ruby Gem Karteek Docsplit 0.5.4 Command Injection Vulnerability

Ruby Gem Karteek Docsplit version 0.5.4 fails to sanitize user-supplied input. If a user is tricked into extracting a file with shell characters in the name, code can be executed remotely. Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4 4/1/2013 Larry W. Cashdollar @larry0 User supplied...

CVSS 9.3 | AI score 6.6 | EPSS 0.02836
Exploits 3
securityvulns
added 2008/01/27 12:0 a.m. | 33 views

Two vulnerabilities for PatchLink Update Client for Unix.

PatchLink Update Unix Client File clobbering vulnerability Larry W. Cashdollar Vapid Labs 1/17/2008 Overview From the vendor: “PatchLink Update™ provides rapid, accurate and secure patch management, allowing you to proactively manage threats by automating the collection, analysis and delivery of...

AI score 7.1
Exploits 0
Exploit DB
added 2000/12/20 12:0 a.m. | 123 views

SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber

#!/usr/local/bin/perl -w The problem is catman creates files in /tmp insecurely. They are based on the PID of the catman process, catman will happily clobber any files that are symlinked to that file. The idea of this script is to watch the process list for the catman process, get the pid and Creat...

AI score 7
Exploits 0