187 matches found
EUVD-2019-19166
Malware in sbrugna...
EUVD-2021-20335
Malware in sbrugna...
EUVD-2024-26974
Malicious code in bioql PyPI...
EUVD-2022-4541
Malicious code in bioql PyPI...
RLSA-2025:11797 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox: thunderbird:...
CVE-2025-5265
Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.. Th...
CVE-2025-5265
CVE-2025-5265 concerns Firefox on Windows where the Copy as cURL feature improperly escapes the ampersand, enabling a crafted command to trigger local code execution. The impact is described as potentially allowing arbitrary code execution on the user’s system when the user runs the affected curl...
CVE-2025-5264
CVE-2025-5264 involves insufficient escaping of the newline character in Firefox/Thunderbird Copy as cURL functionality, enabling a user to be tricked into executing a crafted command locally. Affected: Firefox < 139, Firefox ESR < 115.24/128.11, Thunderbird
Mozilla Thunderbird < 128.11
The version of Thunderbird installed on the remote Windows host is prior to 128.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-46 advisory. - Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory...
curl: curl -OJ allows creating custom .curlrc file which allows exfiltrating private data, among other things
Summary: If someone convinces someone to use curl -OJ http://example.com/somefile.txt, the Content-Disposition header can be used to create a .curlrc file if one doesn't exist and one is running curl from the home directory. From that point on, the attack controls any argument to all curl...
CVE-2025-4084
Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.. Thi...
The vulnerability of the gzip_do_write() function in the zlib compression library allows a attacker to bypass ASLR protection, execute arbitrary code, or cause a denial-of-service attack.
The vulnerability of the gzipdowrite function in the zlib compression library, a command-line utility of CURL, is related to integer overflow. Exploiting this vulnerability allows an attacker to bypass ASLR protection, execute arbitrary code, or cause a denial-of-service attack...
Advisory ROSA-SA-2025-2748
Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-34.0.2.rv3.2 CVE-ID: CVE-2022-32221 BDU-ID: 2022-07403 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the cURL command line utility is related to a logical error in the reused descriptor when processing subsequent...
[SECURITY] Fedora 41 Update: curl-8.9.1-3.fc41
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Duplicate Advisory: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7x4w-cj9r-h4v9. This link is maintained to preserve external references. Original Description The actions defined inside of the MediaController class do not check whether a given path is inside a certain path e....
Exploit for Command Injection in Jc21 Nginx_Proxy_Manager
POCCVE-2024-46256 CVE-2024-46256 and CVE-2024-46257 is the...
The vulnerability of the list_base_config.php file in the web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 integrated software solution version 3.90 allows a hacker to execute arbitrary code.
The vulnerability of the listbaseconfig.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 software is version 3.90. This vulnerability stems from the failure to eliminate special elements used in the OS command. Exploiting this vulnerability allows a remote attacker to...
Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure
Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver. 4.00...
ROS-20240708-21
Vulnerability in cURL command line utility is due to bugs in protocol removal logic. Exploitation The exploitation of the vulnerability may allow a remote intruder to gain access to protected information Vulnerability in the HTTP/2 network protocol implementation of the cURL command line utility ...
Exploit for OS Command Injection in Php
CVE-2024-4577 Vulnerability Checker This script is designed t...