Lucene search
K

161 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:26 p.m.5 views

Malicious code in apex-web-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware affe9864459fed841588f1a618582c20b5ac58aecf203a9bfb9fe148d95912ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:26 p.m.6 views

MAL-2022-1037 Malicious code in apex-web-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware affe9864459fed841588f1a618582c20b5ac58aecf203a9bfb9fe148d95912ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
CNNVD
CNNVD
added 2022/05/09 12:0 a.m.3 views

Galleon NTS-6002 操作系统命令注入漏洞

Galleon NTS-6002 is a complete time solution for medium to large organizations from Galleon UK. An operating system command injection vulnerability exists in the Galleon NTS-6002-GPS version 4.14.103-Galleon-NTS-6002.V12, which allows an authenticated attacker to perform command injection as root...

9CVSS7.2AI score0.04476EPSS
Exploits1References5
wpexploit
wpexploit
added 2022/01/24 12:0 a.m.78 views

Catch Web Tools < 2.7.1 - Subscriber+ Arbitrary Catch IDs Activation/Deactivation

The plugin does not have authorisation and CSRF check in its catchwebtoolscatchidsswitch AJAX action, allowing any authenticated users, such as subscriber to activate/disable Catch IDs fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

0.9AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2022/01/24 12:0 a.m.9 views

Catch Web Tools < 2.7.1 - Subscriber+ Arbitrary Catch IDs Activation/Deactivation

The plugin does not have authorisation and CSRF check in its catchwebtoolscatchidsswitch AJAX action, allowing any authenticated users, such as subscriber to activate/disable Catch IDs PoC fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

2.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/01/24 12:0 a.m.9 views

WordPress Catch Web Tools plugin <= 2.7 - Arbitrary Catch IDs Activation/Deactivation vulnerability

Arbitrary Catch IDs Activation/Deactivation vulnerability discovered by Jan w Oleju in WordPress Catch Web Tools plugin versions = 2.7. Solution Update the WordPress Catch Web Tools plugin to the latest available version at least 2.7.1...

2.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.14 views

WordPress Catch Web Tools plugin <= 2.6.6 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Web Tools plugin versions = 2.6.6. Solution Update the WordPress Catch Web Tools plugin to the latest available version at least 2.7...

5.7CVSS2.5AI score0.00408EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2020/11/16 12:0 a.m.8 views

Canon Oce ColorWave 3500 Security Breach

The Canon Oce ColorWave 3500 is a color printer from Canon Japan. The device is based on solid ink bead printing technology and image logic scanning processing, integrating CAD, GIS and full-coverage, full-color image printing in a single device to provide more professional functionality for the...

9.8CVSS7.3AI score0.01121EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/10/12 12:0 a.m.22 views

Debian DLA-2404-1 : eclipse-wtp security update

In Eclipse Web Tools Platform, a component of the Eclipse IDE, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. For Debian ...

7.1CVSS6.8AI score0.00879EPSS
Exploits1References4
Debian
Debian
added 2020/10/09 11:20 p.m.38 views

[SECURITY] [DLA 2404-1] eclipse-wtp security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2404-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 09, 2020 https://wiki.debian.org/LTS -...

7.1CVSS6.8AI score0.00879EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2020/07/15 6:7 p.m.25 views

CVE-2019-17637

In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...

5.8CVSS2.3AI score0.00879EPSS
Exploits1References3
NVD
NVD
added 2020/07/15 3:15 p.m.20 views

CVE-2019-17637

In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...

7.1CVSS0.00879EPSS
Exploits1References2
OSV
OSV
added 2020/07/15 3:15 p.m.4 views

DEBIAN-CVE-2019-17637

In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...

7.1CVSS7.1AI score0.00879EPSS
Exploits1References1
OSV
OSV
added 2020/07/15 3:15 p.m.7 views

CVE-2019-17637

In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...

7.1CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2020/07/15 3:15 p.m.12 views

Xxe

In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...

5.8CVSS6.6AI score0.00879EPSS
Exploits1References2Affected Software2
UbuntuCve
UbuntuCve
added 2020/07/15 3:15 p.m.23 views

CVE-2019-17637

In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...

7.1CVSS7.1AI score0.00879EPSS
Exploits1References2
OSV
OSV
added 2020/07/15 3:15 p.m.2 views

UBUNTU-CVE-2019-17637

In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...

7.1CVSS5.8AI score0.00879EPSS
Exploits1References3
Cvelist
Cvelist
added 2020/07/15 2:55 p.m.26 views

CVE-2019-17637

In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...

6.7AI score0.00879EPSS
Exploits1References2
CVE
CVE
added 2020/07/15 2:55 p.m.74 views

CVE-2019-17637

CVE-2019-17637 affects Eclipse Web Tools Platform up to version 3.18 (2020-06). The vulnerability arises in XML/DTD processing where external entities can cause local file contents to be sent to a remote server when files are edited or validated, even if external entity resolution is disabled. De...

7.1CVSS6.6AI score0.00879EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2020/07/15 2:55 p.m.17 views

CVE-2019-17637

In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...

7.1CVSS6.7AI score0.00879EPSS
Exploits1
Rows per page
Query Builder