NetChess 2.1 Buffer Overflow

Exploit Title: NetChess2.1 Buffer Overflow SEH Date: 8/1/2022 Exploit Author: Ugur Eminli Vendor Homepage: https://sourceforge.net/projects/avmnetchess/ Software Link: https://sourceforge.net/projects/avmnetchess/ Version: 2.1 Tested on: WinXP SP2 Build 2600 !/usr/bin/perl my $file= "exploit.pgn"...

Command Injection

exec-local-bin is vulnerable to Command Injection attacks. The library does not properly sanitize user-input via theProcess function, which allows an attacker to inject and execute malicious commands...

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

...

3D Builder Remote Code Execution Vulnerability

...

exec-local-bin vulnerable to Command Injection

Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess functionality due to improper user-input sanitization...

CVE-2022-25923

CVE-2022-25923 affects the exec-local-bin package. The vulnerability arises in theProcess() where improper user-input sanitization enables Command Injection. Affected versions are prior to 1.2.0. Impact is described as potential unauthorized code execution with high confidentiality/integrity/avai...

CVE-2022-25923

Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess functionality due to improper user-input sanitization...

exec-local-bin 安全漏洞

exec-local-bin is a library by Saeed Seyfi Dorcheh personal developer. A simple helper for executing a local nodemodule bin in a node. A security vulnerability exists in exec-local-bin versions prior to 1.2.0, which stems from incorrect user input cleanup and is prone to command injection via...

PT-2023-12836 · Unknown · Exec-Local-Bin

Name of the Vulnerable Software and Affected Versions: exec-local-bin versions prior to 1.2.0 Description: The issue is related to Command Injection via the theProcess functionality due to improper user-input sanitization. This allows for potential exploitation. No information is provided about t...

User Post Gallery <= 2.19 - Unauthenticated RCE

The plugin does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it. PoC Invoke the following curl command to execute the "id" command via PHP's exec function: curl -i...

User Post Gallery <= 2.19 - Unauthenticated RCE

The plugin does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it. Invoke the following curl command to execute the "id" command via PHP's exec function: curl -i...

CVE-2022-44874

wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component opCallIndirect at /m3exec.h...

PYSEC-2022-43155

wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component opCallIndirect at /m3exec.h...

Remote code execution

Windows Secure Socket Tunneling Protocol SSTP Remote Code Execution Vulnerability...

USN-5776-1 containerd vulnerabilities

It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote attacker could possibly use this issue to cause a denial of service or crash containerd. CVE-2022-23471, CVE-2022-31030 It was discovered that containerd incorrectly set ...

PT-2022-27328 · Wasm3 · Wasm3

Name of the Vulnerable Software and Affected Versions: wasm3 version 7890a2097569fde845881e0b352d813573e371f9 Description: A segmentation fault was discovered in the op CallIndirect component at /m3 exec.h. Recommendations: For version 7890a2097569fde845881e0b352d813573e371f9, consider updating t...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the theProcess functionality due to improper user-input sanitization. PoC js var root = require"exec-local-bin" root"& touch JHU", Remediation Upgrade exec-local-bin to version 1.2.0 or higher. References - GitHub...

runc: incorrect handling of inheritable capabilities

A flaw was found in runc, where runc exec --cap executed processes with non-empty inheritable Linux process capabilities. This issue creates an atypical Linux environment and enables programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...

kernel: posix-cpu-timers: Cleanup CPU timers before freeing them during exec

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b "posix-cpu-timers: Store a reference to a pid not a task" started looking up tasks by PID when deleting a CPU timer. When a non-leader threa...

PT-2022-36762 · Git +1 · Mruby

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a negative-size-param, which occurs in the mrb str format function, followed by mrb f sprintf and mrb vm exec. ...