
2691 matches found

UbuntuCve
added 2021/10/21 3:15 p.m. · 93 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

CVSS 9.8 · AI score 7.2 · EPSS 0.09042
Exploits: 0 · References: 4

Huntr
added 2021/09/26 1:48 a.m. · 15 views

Heap-based Buffer Overflow in mruby/mruby

Description: Heap buffer overflow on mrb-vm-exec. Proof of Concept: // poc.rb 1.timesuntil% ;break Result: ./mruby poc.rb ================================================================= ==1451==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000023d9 at pc 0x55b2fc3f1046 bp...

Exploits: 0

Prion
added 2021/09/24 3:15 a.m. · 15 views

Code injection

vpn-user-portal aka eduVPN or Let's Connect! before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional V...

CVSS 9 · AI score 8.3 · EPSS 0.00614
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2021/09/24 12:0 a.m. · 3 views

PT-2021-4477 · Unknown · Vpn-User-Portal

Name of the Vulnerable Software and Affected Versions: vpn-user-portal versions prior to 2.3.14 Description: The issue arises from insufficient input validation in the vpn-user-portal software, allowing remote authenticated users to obtain OS filesystem access due to the interaction of QR codes...

CVSS 9 · AI score 6.5 · EPSS 0.00614
Exploits: 0 · References: 9

vulnersOsv
added 2021/09/20 8:20 p.m. · 2 views

@codedungeon/gunner (>=0.38.0 <=0.80.1), @codedungeon/laravel-versions-cli (=0.1.0) +22 more potentially affected by CVE-2021-3807 via ansi-regex (>=4.0.0 <=4.1.0)

ansi-regex NPM version =4.0.0, =0.38.0, =0.0.65, =0.0.0, =0.0.41, =0.0.12, =0.0.0, =0.2.0, =3.3.69, =0.0.3, =0.2.11, =5.1.0, =4.0.58, =3.0.58, =6.0.17, =6.1.110 and more Source cves: CVE-2021-3807 Source advisory: OSV:GHSA-93Q8-GQ69-WQMW...

CVSS 7.8 · AI score 6.8 · EPSS 0.00215
Exploits: 1

Cvelist
added 2021/09/01 2:34 p.m. · 14 views

CVE-2021-36072 Adobe Bridge SGI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Bridge versions 11.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 · AI score 8 · EPSS 0.0167
Exploits: 0 · References: 1

OSV
added 2021/08/23 12:15 a.m. · 2 views

CVE-2021-39367

Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection...

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2021/08/23 12:15 a.m. · 2 views

CVE-2021-39368

Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter...

CVSS 6.1 · AI score 5.8 · EPSS 0.0024
Exploits: 1 · References: 1

NVD
added 2021/08/23 12:15 a.m. · 10 views

CVE-2021-39368

Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter...

CVSS 6.1 · EPSS 0.0024
Exploits: 1 · References: 1

NVD
added 2021/08/23 12:15 a.m. · 13 views

CVE-2021-39367

Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection...

CVSS 5.3 · EPSS 0.00237
Exploits: 1 · References: 1

Prion
added 2021/08/23 12:15 a.m. · 12 views

Design/Logic Flaw

Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter...

CVSS 4.3 · AI score 6 · EPSS 0.0024
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2021/08/23 12:15 a.m. · 15 views

Design/Logic Flaw

Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection...

CVSS 5 · AI score 5.7 · EPSS 0.00237
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2021/08/22 11:21 p.m. · 13 views

CVE-2021-39368

Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter...

AI score 6.1 · EPSS 0.0024
Exploits: 1 · References: 1

CVE
added 2021/08/22 11:21 p.m. · 46 views

CVE-2021-39368

CVE-2021-39368 affects Canon Oce Print Exec Workgroup 1.3.2, where an XSS flaw exists in the lang parameter. The vulnerability targets the application’s web interface and allows script execution in a user’s browser. References in connected records corroborate the XSS claim; no explicit exploit de...

CVSS 6.1 · AI score 5.9 · EPSS 0.0024
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2021/08/22 11:21 p.m. · 14 views

CVE-2021-39367

Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection...

AI score 6 · EPSS 0.00237
Exploits: 1 · References: 1

CVE
added 2021/08/22 11:21 p.m. · 35 views

CVE-2021-39367

CVE-2021-39367 affects Canon Oce Print Exec Workgroup 1.3.2 and concerns a vulnerability where the host header can be injected. This is documented across multiple sources (NVD and RH Red Hat entries). The vulnerability is described as a host header injection issue; no exploit details or affected ...

CVSS 5.3 · AI score 5.6 · EPSS 0.00237
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2021/08/22 12:0 a.m. · 3 views

Canon Oce Print Exec Workgroup Cross-Site Scripting Vulnerability

Canon Oce Print Exec Workgroup is a software application from Canon Japan. It is a program that displays basic printer information. A security vulnerability exists in Canon Oce Print Exec Workgroup version 1.3.2, which allows an attacker to conduct XSS attacks via the lang parameter...

CVSS 6.1 · AI score 6.2 · EPSS 0.0024
Exploits: 1 · References: 2

Prion
added 2021/08/09 11:15 p.m. · 14 views

Command injection

rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped...

CVSS 7.5 · AI score 9.6 · EPSS 0.55598
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2021/08/09 12:0 a.m. · 2 views

rConfig Operating System Command Injection Vulnerability

rConfig is an open source network configuration management utility program. An operating system command injection vulnerability exists in rConfig version 3.9.5, which stems from the rConfig path parameter being passed directly to the exec function without being escaped. The vulnerability can be...

CVSS 9.8 · AI score 8.3 · EPSS 0.55598
Exploits: 1 · References: 2

Positive Technologies
added 2021/08/09 12:0 a.m. · 3 views

PT-2021-10845 · Rconfig · Rconfig

Name of the Vulnerable Software and Affected Versions: rConfig version 3.9.5 Description: The issue allows command injection by sending a crafted GET request to "lib/ajaxHandlers/ajaxArchiveFiles.php" since the path parameter is passed directly to the exec function without being escaped...

CVSS 9.8 · AI score 9.6 · EPSS 0.55598
Exploits: 1 · References: 6