11 matches found
Malicious code in catalyst_lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1ee883362bf9a21011ce24488ebc14e49484e96df4f64359e2b863ea0cd21a79 The OpenSSF Package Analysis project identified 'catalystlib' @ 9.7.2 npm as malicious. It is considered malicious because: - The package execut...
CVE-2020-13804
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin...
WordPress AcyMailing SMTP Newsletter Plugin <= 9.7.2 is vulnerable to Arbitrary File Upload
Software: AcyMailing SMTP Newsletter; Type: Plugin; Vulnerable versions: <= 9.7.2; Fixed in: 9.8.0; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-7384; Patch priority: High; CVSS severity: High (8.5); PSID: 51ad1438d775; Credits: Arkadiusz Hydzik; Required...
Popular Netop Remote Learning Software Found Vulnerable to Hacking
Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers. "These findings allow for elevation of privileges and ultimately...
Unspecified Vulnerability in Foxit Reader and PhantomPDF
Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. A security vulnerability exists in Foxit Reader prior to version 9.7.2 and PhantomPDF prior to version 9.7.2, which is caused by the program not handling circular references correctly. An attacker can...
CVE-2020-13804
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin...
Foxit PhantomPDF < 9.7.2 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 9.7.2. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for this issue but has instead relied only on the application's...
Code injection
ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update...
Internet Systems Consortium Releases BIND Advisory
The Internet Systems Consortium has released an advisory to address a vulnerability affecting BIND versions 9.7.1 through 9.7.2-P3. This vulnerability may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators using the affected versions of BIND to...
ISC BIND IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
ISC BIND is prone to a remote denial-of-service vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:isc:bind";...
ISC BIND 9 9.7.2 < 9.7.2-P2 Multiple Vulnerabilities
According to its self-reported version number, the remote installation of BIND is affected by multiple vulnerabilities: - A flaw exists that allows access to a cache via recursion even though the ACL disallows it. Note that this only occurs if BIND is operating as both an authoritative and...