‼ CVE-2021-39409 ‼
via "National Vulnerability Database".
A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated.
‼ CVE-2022-20829 ‼
via "National Vulnerability Database".
A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine. Notes: To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software. Potential targets are limited to users who manage the same device that is running Cisco ASA Software using ASDM. Cisco has released and will release software updates that address this vulnerability.
‼ CVE-2021-29865 ‼
via "National Vulnerability Database".
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 206091.
🕴 APT Groups Swarming on VMware Servers with Log4Shell 🕴
via "Dark Reading".
CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.
‼ CVE-2022-34065 ‼
via "National Vulnerability Database".
The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-34057 ‼
via "National Vulnerability Database".
The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-33003 ‼
via "National Vulnerability Database".
The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-33002 ‼
via "National Vulnerability Database".
The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-34066 ‼
via "National Vulnerability Database".
The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-34053 ‼
via "National Vulnerability Database".
The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-34064 ‼
via "National Vulnerability Database".
The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-33004 ‼
via "National Vulnerability Database".
The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-34056 ‼
via "National Vulnerability Database".
The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-32996 ‼
via "National Vulnerability Database".
The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-30885 ‼
via "National Vulnerability Database".
** Reserved ** The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.
‼ CVE-2022-33000 ‼
via "National Vulnerability Database".
The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-34055 ‼
via "National Vulnerability Database".
The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-33122 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.
‼ CVE-2022-32998 ‼
via "National Vulnerability Database".
The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-34059 ‼
via "National Vulnerability Database".
The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
‼ CVE-2022-34054 ‼
via "National Vulnerability Database".
The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.