232 matches found
CVE-2022-23935
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection...
CVE-2022-23935
ExifTool (lib/Image/ExifTool.pm) is affected in ExifTool before 12.38 due to a faulty $file =~ /\|$/ check, enabling command injection. Affected component: ExifTool Perl library; vulnerability identified as CVE-2022-23935. Public advisories from Astra Linux and Alpine Linux/Fedora-based records c...
Security Vulnerability found in ExifTool leading to RCE
Debian Security tracker reports: ExifTool.pm in ExifTool before 12.38 mishandles a file special characters check, leading to command injection...
PT-2022-16352 · Exiftool +3
Name of the Vulnerable Software and Affected Versions: ExifTool versions prior to 12.38 Description: The issue arises from the mishandling of a $file =~ /\|$/ check in lib/Image/ExifTool.pm, leading to command injection. Recommendations: For versions prior to 12.38, update to version 12.38 or later...
exiftool operating system command injection vulnerability
exiftool is a software application that makes metadata more accessible. An operating system command injection vulnerability exists in exiftool before 12.38, which stems from lib/Image/ExifTool.pm mishandling a $file =~ /\|$/ check...
Exploit for Code Injection in Exiftool_Project Exiftool
CVE-2021-22204 About the vulnerability --- Improper neutraliz...
The vulnerability of the library for processing metadata in multimedia Exif files, related to incorrect elimination of special elements in the output data, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the ExifTool library for processing metadata in multimedia files is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and even cause servi...
Exploit for Code Injection in Exiftool_Project Exiftool
ExifTool Remote Code Execution Vulnerability This should be c...
ExifTool Remote Code Execution (CVE-2021-22204)
A remote code execution vulnerability exists in ExifTool. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
GitLab ExifTool uploaded image command injection
Added: 11/24/2021 Background GitLab is an open-source software development platform with built-in version control and issue tracking. Problem A remote attacker can execute arbitrary commands by uploading a specially crafted image to GitLab, which executes injected Perl code when ExifTool parses...
GitLab 13.10.2 - Remote Code Execution Exploit
Exploit Title: GitLab 13.10.2 - Remote Code Execution RCE Unauthenticated Shodan Dork: https://www.shodan.io/search?query=title%3A%22GitLab%22+%2B%22Server%3A+nginx%22 Exploit Author: Jacob Baines Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/gitlab-org/gitlab...
ExifTool Remote Code Execution Vulnerability
Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...
GitLab 13.10.2 Remote Code Execution
Exploit Title: GitLab 13.10.2 - Remote Code Execution RCE Unauthenticated Shodan Dork: https://www.shodan.io/search?query=title%3A%22GitLab%22+%2B%22Server%3A+nginx%22 Date: 11/01/2021 Exploit Author: Jacob Baines Vendor Homepage: https://about.gitlab.com/ Software Link:...
GitLab Unauthenticated Remote ExifTool Command Injection
This module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution as the git user. Module Options msf use...
Exploit for Code Injection in Exiftool_Project Exiftool
Gitlab-Exiftool-RCE Original repos : https://github.com/CsEnox...
GitLab Unauthenticated Remote ExifTool Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab Unauthenticated Remote ExifTool Command Injection', 'Description' = %q This module exploits an unauthenticated file upload and command...
VulnCheck KEV: CVE-2021-22205
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files...