95 matches found
CVE-2019-15992
CVE-2019-15992 is a remote code execution vulnerability in the Lua interpreter used by Cisco ASA and Cisco FTD software. It arises from insufficient restrictions on Lua function calls in user-supplied scripts, which could allow an authenticated, remote attacker to trigger a heap overflow and exec...
A vulnerability in the Lua interpreter implemented in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) hardware network devices allows attackers to escalate their privileges and execute arbitrary code.
A vulnerability in the Lua interpreter implemented in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) hardware-based network devices relates to the execution of operations beyond the buffer memory boundaries. Exploiting this vulnerability allows a malicious acto...
Cisco Firepower Threat Defense RCE (cisco-sa-20191112-asa-ftd-lua-rce)
A remote code execution vulnerability exists in the Lua interpreter of Cisco Firepower Threat Defense FTD software due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. An authenticated, remote attacker can exploit this to bypass...
Cisco Adaptive Security Appliance RCE (cisco-sa-20191112-asa-ftd-lua-rce)
A remote code execution vulnerability exists in the Lua interpreter of Cisco Adaptive Security Appliance ASA software due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. An authenticated, remote attacker can exploit this to bypass...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating...
PT-2021-23858 · Lua +6
Name of the Vulnerable Software and Affected Versions: Lua Interpreter versions 5.1.0 through 5.4.4. Description: The issue is related to a stack overflow in the lua_resume function of ldo.c in the Lua Interpreter. This can allow attackers to perform a Denial of Service via a crafted script file...
Debian DLA-297-1 : wesnoth-1.8 security update
Wesnoth implements a text preprocessing language that is used in conjunction with its own game scripting language. It also has a built-in Lua interpreter and API. Both the Lua API and the preprocessor make use of the same function (filesystem::get_wml_location()) to resolve file paths so that only...
DLA-297-1 wesnoth-1.8 - security update
Bulletin has no description...
A vulnerability in the function for working with vararg arguments in Lua script interpreters allows attackers to trigger a denial-of-service attack.
A vulnerability in the function for handling vararg arguments in ldo.c in the Lua script interpreter arises from the operation being performed outside the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure by using a large number of...
Wing FTP Server <= 4.3.8 Authenticated Command Execution Vulnerability
Wing FTP Server is prone to an authenticated command execution vulnerability.
Wing FTP Server Authenticated Command Execution
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote include Msf::Exploit::CmdStager include Msf::Exploit::Remote::HttpClient def...
Wing FTP Server - (Authenticated) Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wing FTP Server Authenticated Command Execution', 'Description' = %q This module exploits the embedded Lua interpreter in the admin w...
Wing FTP Server Authenticated Command Execution Exploit
This Metasploit module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. When supplying a specially crafted HTTP POST request an attacker can use os.execute to execute arbitrary system commands on the target with SYSTEM privileges. This module requires...
Wing FTP Server Authenticated Command Execution
This module exploits the embedded Lua interpreter in the admin web interface for versions 3.0.0 and above. When supplying a specially crafted HTTP POST request an attacker can use os.execute to execute arbitrary system commands on the target with SYSTEM privileges. This module requires Metasploit...
Wing FTP Server Authenticated Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wing FTP Server Authenticated Command Execution', 'Description' = %q This module exploits the embedded Lua interpreter in the admin w...