Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems.
The package, named @0xengine/xmlrpc, was originally published on October 2, 2023 as a JavaScript-based XML-RPC
A vulnerability was found in Sun Ray Server Software 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to an unknown weakness.
This vulnerability is known as CVE-2007-6481. The attack can be launched remotely. There is no exploit available.
A vulnerability, which was classified as very critical, has been found in Trend Micro ServerProtect 5.7/5.58. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption.
This vulnerability is handled as CVE-2008-0012. The attack may be launched remotely. There is no exploit available.