209 matches found
CVE-2023-49147
An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...
Code injection
An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...
CVE-2023-49147
An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...
SUSE CVE-2023-47039
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...
CVE-2023-47039
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...
Perl Security Vulnerabilities
Perl is a general-purpose, interpreted, dynamic, cross-platform programming language from the PERL community. A security vulnerability exists in Perl, which can be exploited to execute arbitrary code when running an executable that uses the Windows Perl interpreter, due to a path search order iss...
Remote Code Execution (RCE)
github.com/mutagen-io/mutagen is vulnerable to Remote Code Execution RCE. The vulnerability only applies on Windows, because %ComSpec% is the official mechanism for shell specification on Windows but does not require an absolute path. An attacker can specify a relative path pointing to a maliciou...
Under-validated ComSpec and cmd.exe resolution in Mutagen projects
Impact Mutagen projects offer shell-based execution functionality. On Windows, the shell is resolved using the standard %ComSpec% mechanism, with a fallback to a %PATH%-based search for cmd.exe. While this is the standard practice on Windows systems, it presents somewhat risky behavior. Firstly,...
GHSA-FWJ4-72FM-C93G Under-validated ComSpec and cmd.exe resolution in Mutagen projects
Impact Mutagen projects offer shell-based execution functionality. On Windows, the shell is resolved using the standard %ComSpec% mechanism, with a fallback to a %PATH%-based search for cmd.exe. While this is the standard practice on Windows systems, it presents somewhat risky behavior. Firstly,...
Microsoft Windows 11 - (cmd.exe) Denial of Service Exploit
Exploit Title: Microsoft Windows 11 - 'cmd.exe' Denial of Service Exploit Author: Milad Karimi Ex3ptionaL Date: 2023-03-30 Vendor Homepage: https://www.microsoft.com/en-us Software Link: https://www.microsoft.com/en-us Tested Version: N/A Tested on OS: Windows 11 Pro About App Microsoft Windows i...
Microsoft Windows 11 - 'cmd.exe' Denial of Service
Exploit Title: Microsoft Windows 11 - 'cmd.exe' Denial of Service Exploit Author: Milad Karimi Ex3ptionaL Date: 2023-03-30 Vendor Homepage: https://www.microsoft.com/en-us Software Link: https://www.microsoft.com/en-us Tested Version: N/A Tested on OS: Windows 11 Pro About App Microsoft Windows i...
Improper Control of Generation of Code ('Code Injection') in Azure CLI
Description In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. For example: Application X is a web application wi...
WiFi Mouse 1.8.3.4 Remote Code Execution Exploit
The WiFi Mouse Mouse Server from Necta LLC contains an authentication bypass as the authentication is completely implemented entirely on the client side. By utilizing this vulnerability, is possible to open a program on the server cmd.exe in our case and type commands that will be executed as the...
ForceAdmin - Create Infinite UAC Prompts Forcing A User To Run As Admin
ForceAdmin is a c payload builder, creating infinate UAC pop-ups until the user allows the program to be ran. The inputted commands are ran via powershell calling cmd.exe and should be using the batch syntax. Why use? Well some users have UAC set to always show, so UAC bypass techniques are not...
CVE-2022-31179 Insufficient escaping of line feeds for CMD in shescape
Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape any API function to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by...
CVE-2022-31179 Insufficient escaping of line feeds for CMD in shescape
Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape any API function to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by...
Carriage Return And Line Feed (CLRF) Injection
shescape is vulnerable to carriage return line feed CRLF injection. User provided data for Powershell and cmd.exe on Windows systems are not escaped sufficiently, allowing an attacker to input a line feed character '\n'...
Real Player 16.0.3.51 - 'external::Import()' Directory Traversal to Remote Code Execution (RCE)
Exploit Title: Real Player 16.0.3.51 - 'external::Import' Directory Traversal to Remote Code Execution RCE Google Dork: n/a Date: May 31, 2022 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://real.com/ Software Link: http://real.com/ Version: ver. 16.00.282, 16.0.3.51, Cloud 17.0.9.17,...
Microsoft CMD.EXE Integer Overflow
Hi @ll, the subject says it all: a 25 year old TRIVIAL signed integer arithmetic bug which may well have earned a PhD now crashes Windows' command interpreter CMD.exe via its builtin SET command. See their documentation: Classification CWE-190: Integer Overflow or Wraparound CWE-248: Uncaught...
Researchers Warn of 'Raspberry Robin' Malware Spreading via External Drives
Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities and is propagated by means of removable USB devices. Attributing the malware to a cluster named "Raspberry Robin," Red Canary researchers noted that the worm "leverages Windows Installer to reach out to...