144 matches found
EUVD-2000-0196
Malware in sbrugna...
EUVD-2008-0591
Malware in sbrugna...
EUVD-2011-4451
Malware in sbrugna...
EUVD-2024-40268
Malicious code in bioql PyPI...
CVE-2023-48031
OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute...
MGASA-2025-0136 Updated rust packages fix security vulnerability
The Rust Security Response WG was notified that the Rust standard library did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary...
Arcane stealer: We want all your data
At the end of 2024, we discovered a new stealer distributed via YouTube videos promoting game cheats. What's intriguing about this malware is how much it collects. It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla...
CVE-2024-36138
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...
CVE-2024-27980
Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831 WinRAR Exploit Generator Created by: tech...
ALPINE-CVE-2024-36138
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...
UBUNTU-CVE-2024-36138
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...
CVE-2024-43402 Rust OS Command Injection/Argument Injection vulnerability
Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...
Rust 安全漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Rust prior to 1.81.0 that stems from a fix that can be bypassed when a batch file name has trailing spaces or periods...
The vulnerability of the child_process.spawn() and child_process.spawnSync() functions in the Node.js software platform for Windows operating systems allows a hacker to bypass security restrictions and execute arbitrary commands.
The vulnerability of the childprocess.spawn and childprocess.spawnSync functions in the Node.js software platform for Windows operating systems is related to the improper handling of the shell parameter in .bat and .cmd files. Exploiting this vulnerability allows a remote attacker to bypass...
CVE-2024-40895
FFRI AMC contains an OS command injection (CWE-78) vulnerability affecting versions 3.4.0–3.5.3 (and some OEM bundles) where, if the notification program setting is enabled and the executable path ends with a batch/command file, a remote unauthenticated attacker can execute arbitrary OS commands....
CVE-2024-40895
FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the...
CVE-2024-40895
FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the...
PT-2024-29133 · Ffri · Ffri Amc
Name of the Vulnerable Software and Affected Versions: FFRI AMC versions 3.4.0 to 3.5.3 Some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 Description: The issue allows a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an...
PT-2024-4625 · Node.Js +1 · Node.Js +1
Name of the Vulnerable Software and Affected Versions: Node.js versions up to 18.20.3 Node.js versions up to 20.15.0 Node.js versions up to 22.4.0 Description: The issue arises from improper handling of batch files with all possible extensions on Windows via child process.spawn / child...