149 matches found

Packet Storm
added 2020/12/11 12:0 a.m. · 1762 views

Aerospike Database UDF Lua Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Aerospike Database UDF Lua Code Execution', 'Description' = %q Aerospike Database versions before 5.1.0.3 permitted user-defined functions UDF to...

10 CVSS · 0.6 AI score · 0.8995 EPSS
Exploits 8
Metasploit
added 2020/12/03 5:41 p.m. · 21 views

Kong Gateway Admin API Remote Code Execution

This module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute. After execution the route is deleted, which also deletes the plugin. Module Options msf use...

7.5 AI score
Exploits 0
RedhatCVE
added 2020/06/18 2:37 p.m. · 37 views

CVE-2020-14147

An integer overflow in the getnum function in luastruct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large...

5 CVSS · 8 AI score · 0.06469 EPSS
Exploits 1 · References 3
OSV
added 2020/06/15 6:15 p.m. · 2 views

AZL-6842 CVE-2020-14147 affecting package redis for versions less than 5.0.5-7

An integer overflow in the getnum function in luastruct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large...

7.7 CVSS · 7.3 AI score · 0.00416 EPSS
Exploits 0 · References 1
Prion
added 2020/06/15 6:15 p.m. · 30 views

Integer overflow

An integer overflow in the getnum function in luastruct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large...

4 CVSS · 7.9 AI score · 0.06469 EPSS
Exploits 1 · References 6 · Affected Software 4
OSV
added 2020/06/15 6:15 p.m. · 0 views

UBUNTU-CVE-2020-14147

An integer overflow in the getnum function in luastruct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large...

7.7 CVSS · 7.3 AI score · 0.00416 EPSS
Exploits 0 · References 4
Debian CVE
added 2020/06/15 4:52 p.m. · 33 views

CVE-2020-14147

An integer overflow in the getnum function in luastruct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large...

7.7 CVSS · 7.4 AI score · 0.00416 EPSS
Exploits 0
Positive Technologies
added 2020/06/15 12:0 a.m. · 1 views

PT-2020-5440 · Redis +2

Name of the Vulnerable Software and Affected Versions: Redis versions prior to 6.0.3 Description: The issue is caused by an integer overflow in the getnum function, which allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service or possibly...

9 CVSS · 7.2 AI score · 0.06469 EPSS
Exploits 3 · References 66
Prion
added 2020/01/28 5:15 p.m. · 14 views

Design/Logic Flaw

The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request...

9 CVSS · 7.6 AI score · 0.2842 EPSS
Exploits 10 · References 3 · Affected Software 1
Hacker One
added 2019/10/24 6:44 p.m. · 30 views

Mail.ru: Access to Tarantool

An access to admin interface of Tarantool host in development/stage environment was not properly restricted, allowing LUA code execution...

3.9 AI score
Exploits 0
OSV
added 2019/06/17 8:15 p.m. · 3 views

CVE-2017-9389

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device allows a user to install applications written in the Lua programming language. Also the interfa...

8.8 CVSS · 6 AI score
Exploits 0 · References 3
Veracode
added 2019/01/15 9:9 a.m. · 23 views

Denial Of Service (DoS)

Redis is vulnerable to denial of service (DoS) attacks. The vulnerability exists as an integer overflow in the getnum function in luastruct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6, which allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial o...

7.5 CVSS · 7.7 AI score · 0.06469 EPSS
Exploits 1 · References 14 · Affected Software 1
OSV
added 2018/07/23 4:29 p.m. · 0 views

DEBIAN-CVE-2018-1999023

The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appears to be exploitable via loading specially-crafted saved games, networked games, replays, and play...

8.8 CVSS · 7.6 AI score · 0.00425 EPSS
Exploits 0 · References 1
CNVD
added 2018/03/22 12:0 a.m. · 2 views

Yii Arbitrary LUA Code Execution Vulnerability

Yii is a component-based, high-performance PHP framework developed by the Yii team for building large-scale web applications. A security vulnerability exists in version 2.x of Yii before 2.0.15. A remote attacker can exploit this vulnerability to execute arbitrary LUA code...

9.8 CVSS · 7.5 AI score · 0.00911 EPSS
Exploits 0 · References 1
NVD
added 2018/03/21 6:29 p.m. · 9 views

CVE-2018-8073

Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension...

9.8 CVSS · 9.1 AI score · 0.00911 EPSS
Exploits 0 · References 1
OSV
added 2018/03/21 6:29 p.m. · 14 views

CVE-2018-8073

Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension...

9.8 CVSS · 8 AI score
Exploits 0 · References 1
CVE
added 2018/03/21 6:0 p.m. · 43 views

CVE-2018-8073

The CVE-2018-8073 entry affects Yii 2.x prior to 2.0.15. Affected component: framework/db/ActiveRecord.php, specifically findByCondition via findOne/findAll, enabling remote SQL injection by manipulating input (undocumented sanitization considerations) and potentially bypassing access checks. Thi...

9.8 CVSS · 8.9 AI score · 0.00911 EPSS
Exploits 0 · References 1 · Affected Software 1
Kitploit
added 2017/10/31 9:28 p.m. · 57 views

TROMMEL - Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities

TROMMEL sifts through directories of files to identify indicators that may contain vulnerabilities. TROMMEL identifies the following indicators related to: Secure Shell (SSH) key files, Secure Socket Layer (SSL) key files, Internet Protocol (IP) addresses, Uniform Resource Locator (URL), email addresses, shel...

9 AI score
Exploits 0 · References 2
OSV
added 2016/04/13 3:59 p.m. · 1 views

DEBIAN-CVE-2015-8080

Integer overflow in the getnum function in luastruct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox...

7.5 CVSS · 7.4 AI score · 0.06469 EPSS
Exploits 1 · References 1
UbuntuCve
added 2016/04/13 3:59 p.m. · 28 views

CVE-2015-8080

Integer overflow in the getnum function in luastruct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox...

7.5 CVSS · 7.1 AI score · 0.06469 EPSS
Exploits 1 · References 2