go -- multiple vulnerabilities

The Go project reports: crypto/rand: rand.Read hangs with extremely large buffers On Windows, rand.Read will hang indefinitely if passed a buffer larger than 1 32 - 1 bytes. crypto/tls: session tickets lack random ticketageadd Session tickets generated by crypto/tls did not contain a randomly...

Hashicorp Nomad Access Control Issues

HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver...

The vulnerability of the exec() function in the ShellJS interpreter allows a malicious actor to gain unauthorized access to protected information, increase privileges, or cause service failures.

The vulnerability of the exec function in the ShellJS interpreter is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information, increase privileges, or cause service failures through specially created...

DEBIAN-CVE-2022-29162

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

AZL-9817 CVE-2022-29162 affecting package moby-runc for versions less than 1.1.2-2

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

Design/Logic Flaw

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

UBUNTU-CVE-2022-29162

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

CVE-2021-42897

A remote command execution RCE vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $POSTrname is directly passed into the $mysqlstr and is executed by exec...

CVE-2021-42897

A remote command execution RCE vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $POSTrname is directly passed into the $mysqlstr and is executed by exec...

Command injection

A remote command execution RCE vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $POSTrname is directly passed into the $mysqlstr and is executed by exec...

CVE-2021-42897

A remote command execution RCE vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $POSTrname is directly passed into the $mysqlstr and is executed by exec...

GHSA-7FH9-933G-885P Drupal Core Remote Code Execution Vulnerability

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations...

fs-git command injection vulnerability

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

GHSA-WP3J-GV53-4PG8 fs-git command injection vulnerability

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

Powershell Exec, Find Tag Ordinal Stager

Execute an x86 payload from a command via PowerShell. Use an established connection Module Options msf use payload/cmd/windows/powershell/vncinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...

Powershell Exec, Reverse HTTP Stager Proxy

Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP Module Options msf use payload/cmd/windows/powershell/vncinject/reversehttpproxypstore msf payloadreversehttpproxypstore show actions ...actions... msf payloadreversehttpproxypstore set ACTION msf...

Powershell Exec, Find Tag Ordinal Stager

Execute an x86 payload from a command via PowerShell. Use an established connection Module Options msf use payload/cmd/windows/powershell/meterpreter/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...

Powershell Exec, Hidden Bind TCP Stager

Execute an x86 payload from a command via PowerShell. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/powershell/patchupmeterpreter/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf...

Powershell Exec, Bind TCP Stager with UUID Support (Windows x64)

Execute an x64 payload from a command via PowerShell. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid...

Powershell Exec, Find Tag Ordinal Stager

Execute an x86 payload from a command via PowerShell. Use an established connection Module Options msf use payload/cmd/windows/powershell/patchupdllinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options...