The Bank Of Tokyo-mitsubishi Ufj, Ltd. Security Vulnerabilities

osv

Malicious code in bank-settings (npm)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 12:23 PM
osv

Malicious code in ifood-bank-account-validator-redux-form-8 (npm)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 12:46 PM
osv

Malicious code in 37_pieces-of-flair (RubyGems)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:44 PM
osv

Malicious code in nintendo-of-europe (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (83c974b5b6c49df853841d0c3fef7af9c28d6098c68985d09855aee2fe153d52) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2023-11-20 03:40 PM
osv

Malicious code in code-of-daily-modern-wordfare (npm)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 12:33 PM
ibm

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in WebSphere Application Server Liberty

Summary IBM Virtualization Engine TS7700 is vulnerable to two potential denial of service conditions (CVE-2023-44487, CVE-2024-25026) and two instances of weaker than expected security (CVE-2023-50312, CVE-2023-46158) due to WebSphere Application Server Liberty. WebSphere Application Server...

9.8 CVSS

7.8 AI Score

0.732 EPSS

2024-06-25 10:19 PM
8
osv

Malicious code in @zettle-bo/bank-settings (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (c565236f7920d5e91efa88abc8e86c0b09894525e980f20ca14654a57126c8b3) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2023-09-21 01:40 AM
3
wolfi

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: gh, prometheus, guac, influxd, rekor, gomplate, pulumi-kubernetes-operator, kargo, cosign, neuvector-sigstore-interface, slsa-verifier, policy-controller, opentelemetry-collector-contrib, vexctl, flux-notification-controller, scorecard, snyk-cli, vault-csi-provider,...

6 CVSS

6 AI Score

0.0004 EPSS

2024-06-29 03:08 AM
13
nuclei

Bank Locker Management System v1.0 - SQL Injection

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql...

9.8 CVSS

9.7 AI Score

0.065 EPSS

2023-06-25 07:06 PM
4
wolfi

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: prometheus, guac, grafana, rekor, teleport, up, chezmoi, cosign, prometheus-operator, policy-controller, opentelemetry-collector-contrib, grafana-agent-operator, step, sigstore-scaffolding, k8sgpt, tekton-pipelines, filebeat, flyte, hugo,...

5.5 CVSS

6 AI Score

0.0004 EPSS

2024-06-29 03:08 AM
18
wolfi

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: prometheus, guac, grafana, rekor, teleport, up, chezmoi, cosign, prometheus-operator, policy-controller, opentelemetry-collector-contrib, grafana-agent-operator, step, sigstore-scaffolding, k8sgpt, tekton-pipelines, filebeat, flyte, hugo,...

7.5 AI Score

2024-06-29 03:08 AM
7
cve

CVE-2022-33324

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...

7.5 CVSS

7.5 AI Score

0.002 EPSS

2022-12-23 03:15 AM
32
wolfi

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: gh, prometheus, guac, influxd, rekor, gomplate, pulumi-kubernetes-operator, kargo, cosign, neuvector-sigstore-interface, slsa-verifier, policy-controller, opentelemetry-collector-contrib, vexctl, flux-notification-controller, scorecard, snyk-cli, vault-csi-provider,...

7.5 AI Score

2024-06-29 03:08 AM
2
cve

CVE-2024-36673

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...

9.8 CVSS

7.8 AI Score

EPSS

2024-06-07 01:15 PM
24
openbugbounty

tokyo-houses.jp Cross Site Scripting vulnerability OBB-3879266

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-03-19 02:03 PM
5
githubexploit

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

CVE-2024-30088 Bug: Bug is inside function...

7 CVSS

7.4 AI Score

0.0004 EPSS

2024-06-24 10:37 AM
143
githubexploit

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

ThemeBleed Proof-of-Concept for CVE-2023-38146 ("ThemeBleed")...

8.9 AI Score

2023-09-13 04:00 AM
546
malwarebytes

Truist bank confirms data breach

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name "Sp1d3r" offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets,....

7.7 AI Score

2024-06-14 04:29 PM
14
veracode

Denial Of Service

JSON-Java is vulnerable to Denial of Service. The vulnerability is due to chars with value \0 being parsed incorrectly, which can result in an input string of modest size causing indefinite amounts of memory...

7.5 CVSS

6.8 AI Score

0.001 EPSS

2023-10-13 05:14 AM
12
cve

CVE-2022-4738

A vulnerability classified as problematic has been found in SourceCodester Blood Bank Management System 1.0. Affected is an unknown function of the file index.php?page=users of the component User Registration Handler. The manipulation of the argument Name leads to cross site scripting. It is...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-12-25 08:15 PM
30
ibm

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to the use of IBM Db2

Summary IBM Virtualization Engine TS7700 is susceptible to the vulnerabilities listed below due to the embedded use of IBM Db2. IBM Db2 is used in TS7700 to store metadata about the data it manages. CVE-2023-30431, CVE-2023-29257, CVE-2023-26021, CVE-2023-25930, CVE-2023-27559, CVE-2023-40692....

8.4 CVSS

10 AI Score

0.003 EPSS

2024-05-06 10:05 PM
5
osv

Granting access of protected ContentProviders on behalf of Launcher

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

7.8 CVSS

7.1 AI Score

0.0004 EPSS

2023-12-01 12:00 AM
5
cve

CVE-2022-4737

A vulnerability was found in SourceCodester Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-12-25 08:15 PM
27
veracode

Denial Of Service (DoS)

Libraries that implement HTTP/2 are vulnerable to Denial Of Service (DoS). The vulnerability could be exploited by attackers via sending a large number of HTTP/2 requests to a vulnerable server, then canceling them, causing the server to consume excessive resources and become unavailable to...

7.5 CVSS

6.7 AI Score

0.732 EPSS

2023-10-12 02:37 PM
44
veracode

Denial Of Service (DoS)

ASP.NET and .NET are vulnerable to Denial of Service. The vulnerability is due to the Kestrel web server detecting a malicious client but failing to disconnect, resulting in Denial of...

7.5 CVSS

6.8 AI Score

0.007 EPSS

2023-08-09 07:30 PM
17
veracode

Denial Of Service (DoS)

samba is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs when Samba parses a specially crafted RPC request. If the request is valid, Samba will enter an infinite loop. This could cause Samba to consume excessive CPU resources and eventually...

7.5 CVSS

6.7 AI Score

0.033 EPSS

2023-08-06 10:02 AM
12
veracode

Denial Of Service (DoS)

langchain is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to infinite recursion in the parse_sitemap method, which results in an infinite loop that exceeds the maximum recursion depth in...

4.2 CVSS

6.7 AI Score

0.0004 EPSS

2024-06-11 08:54 AM
1
veracode

Denial Of Service

libexpat is vulnerable to Denial of Service. The vulnerability is due to the many full reparsings required in the case of a large token for which multiple buffer fills are needed. It leads to the exhaustion of available...

7.5 CVSS

6.8 AI Score

0.001 EPSS

2024-02-11 08:46 AM
11
osv

Mattermost leaks details of AD/LDAP groups of a team

Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member...

4.3 CVSS

7 AI Score

0.0004 EPSS

2024-02-29 09:30 AM
5
veracode

Denial Of Service

dnsmasq is vulnerable to Denial of Service. The vulnerability is due to the KeyTrap issue: when dealing with a zone that contains numerous DNSKEY (DNS Key) and RRSIG (Resource Record Signature) records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG....

7.5 CVSS

6.6 AI Score

0.05 EPSS

2024-02-18 06:35 AM
17
veracode

Denial Of Service (DoS)

Magick is vulnerable to Denial of Service (DoS) attacks. Applications using the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() methods to check a DH key or DH parameters may encounter lengthy delays. If the key or parameters being verified have come from an unreliable source, this might...

5.3 CVSS

6.8 AI Score

0.002 EPSS

2023-08-06 07:40 AM
21
veracode

Denial Of Service (DoS)

org.eclipse.jetty is vulnerable to Denial Of Service (DoS). The vulnerability arises from the library's failure to appropriately limit the size in HPACK header values. This allows an attacker to repeatedly send maliciously crafted HTTP messages, leading to an integer overflow and ultimately...

7.5 CVSS

7 AI Score

0.004 EPSS

2023-10-12 05:13 AM
21
veracode

Improper Preservation Of Permissions

github.com/authzed/spicedb is vulnerable to Improper Preservation Of Permissions. The vulnerability is due to a failure in the exclusion dispatcher to request all the folders in which the user is a member, leading to an incorrect NO_PERMISSION response when the user should have...

3.7 CVSS

7 AI Score

0.0004 EPSS

2024-06-21 05:36 AM
veracode

Denial Of Service (DoS)

ws is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of the Upgrade header when the number of received headers exceeds the server.maxHeadersCount or request.maxHeadersCount threshold, causing incomingMessage.headers.upgrade to not be set. Attackers can use...

7.5 CVSS

7.5 AI Score

0.0004 EPSS

2024-06-19 06:39 AM
5
Total number of security vulnerabilities: 2341240