20 matches found
EUVD-2025-24993
Malicious code in bioql PyPI...
PT-2025-33447 · WordPress · Quttera Web Malware Scanner
Name of the Vulnerable Software and Affected Versions: Quttera Web Malware Scanner for WordPress versions up to and including 3.5.1.41 Description: The Quttera Web Malware Scanner plugin for WordPress is susceptible to Server-Side Request Forgery via the RunExternalScan function. Authenticated...
WordPress Quttera Web Malware Scanner plugin <= 3.5.1.41 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability
Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Quttera Web Malware Scanner versions = 3.5.1.41...
Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites
An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material CSAM, indicating how such information could be used to combat serious crimes. "Approximately 3,300 unique users were found with accounts on...
CVE-2023-6065
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code...
Path traversal
IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks...
Code injection
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code...
CVE-2023-6065
CVE-2023-6065 affects the Quttera Web Malware Scanner WordPress plugin (
CVE-2023-6065 Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code...
CVE-2023-6222 Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal
IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks...
CVE-2023-6222
CVE-2023-6222 affects the Quttera Web Malware Scanner WordPress plugin (versions before 3.4.2.1). The vulnerability is a path traversal issue caused by unvalidated user input used in path handling, exploitable by users with an administrator role. Impact, as disclosed in sources, includes potentia...
PT-2023-32569 · WordPress · Quttera Web Malware Scanner
Name of the Vulnerable Software and Affected Versions: Quttera Web Malware Scanner WordPress plugin versions prior to 3.4.2.1 Description: The issue concerns a lack of validation for user input used in a path. This could potentially allow users with an admin role to perform path traversal attacks...
Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure
Description The plugin doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code http://yoursite/wordpress/wp-content/plugins/quttera-web-malware-scanner/runtime.log...
Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal
Description IThe plugin does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks PoC 1 Go to http://yoursite/wordpress/wp-admin/admin.php?page=qutterawmscannerint 2 Click "Scan Now" 3 Click "Detected Threats" 4 Navigate to some...
Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal
Description IThe plugin does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks 1 Go to http://yoursite/wordpress/wp-admin/admin.php?page=qutterawmscannerint 2 Click "Scan Now" 3 Click "Detected Threats" 4 Navigate to some Suspicio...
Masc - A Web Malware Scanner
A malware web scanner developed during CyperCamp Hackathon 2017. Features At the moment, there are some features avaiable for any type of website custom or CMS and some of them only available for specific platforms: Scan any website for malware using OWASP WebMalwareScanner checksum, YARA rules...
Threat Outbreak Alert RuleID26767: Email Messages Distributing Malicious Software on December 16, 2016
Medium Alert ID: 52131 First Published: 2016 December 16 20:45 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID26767 may contain the following files: Name |...
RedKit Exploit Kit : New web malware exploitation pack
RedKit Exploit Kit : New web malware exploitation pack Trustwave researchers have spotted a new exploit kit called "RedKit Exploit Kit" that being used in the wild is aiming to enter a market that is practically monopolized by the widely famous BlackHole and Phoenix exploit kits. In actual, The n...
Zero Days By The Dozen in Malware Kits
Security researchers have found twelve zero day flaws targeting five of the most common web malware exploitation kits such as Neon, Eleonore, Liberty, Lucky and the Yes exploitation kits. Read the full article. ZDNet...
Energy, Chemical Companies Are Malware Targets
Critical infrastructure organizations, such as those in the energy, oil, pharmaceutical and chemical sectors, encountered at least twice as much web malware as other organizations during 2009, researchers found. Read the full article. Secure Computing...