CVE-2025-64756

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

CVE-2025-64756

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

CVE-2025-64756 glob CLI: Command injection via -c/--cmd executes matches with shell:true

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

Glob 操作系统命令注入漏洞

Glob is a file matching software by isaacs individual developers. An operating system command injection vulnerability exists in Glob versions 10.3.7 through 11.0.3, which stems from command injection and could lead to arbitrary code execution...

GitLab <= 10.3.7, 10.4.x - 10.4.4, 10.5.x - 10.5.4 Improper Input Validation Vulnerability

GitLab is prone to an improper input validation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

Mac OS X <= 10.3.7 Input Validation Flaw parse_machfile() DoS

No description provided by source. / DoS for Darwin Kernel Version 7.5.0 -nemo pulltheplug org- 2005 greetz to awnex, cryp, nt, andrewg, arc, mercy, amnesia ; irc.pulltheplug.org social / include stdio.h int main int ac, char av FILE me; int rpl = 0xffffffff; fpost pos = 0x10; printf - nacho - 20...

CVE-2005-0975

Integer signedness error in the parsemachfile function in the mach-o loader machloader.c for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service CPU consumption via a crafted mach-o header...

Apple iTunes - Playlist Parsing Local Buffer Overflow

Apple iTunes - Playlist Parsing Local Buffer Overflow / PoC for iTunes on OS X 10.3.7 - [email protected] - Generates a .pls file, when loaded in iTunes it binds a shell to port 4444. Shellcode contains no \x00 or \x0a's. sample output: -nemo@gir:$ ./fm-eyetewnz foo.pls - fm-eyetewnz - -...