Exploit for Out-of-bounds Write in Polkit_Project Polkit

PoC exploit for CVE-2021-4034, a privilege escalation vulnerability in the polkit package. The target product/service is polkit, a Linux system policy kit. The vulnerability class/vector is a privilege escalation vulnerability. The probable entry points are the gconv-modules file and the...

global-modules-path Command Injection vulnerability

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

@airy/maleo (>=0.0.1-canary.49 <=0.3.1-canary.36), @audentio/kinetic (>=0.1.0 <=0.1.12) +206 more potentially affected by CVE-2022-21191 via global-modules-path (>=1.0.0 <=2.3.1)

global-modules-path NPM version =1.0.0, =0.0.1-canary.49, =0.1.0, =6.4.0, =0.1.0, =8.0.0, =0.0.6, =0.1.0-latest.1a450bb3, =0.1.0, =1.0.0, =0.0.22-alpha.1, =0.1.0, =1.1.3, =0.9.0, =0.0.1, =0.0.2 and more Source cves: CVE-2022-21191 Source advisory: OSV:GHSA-VVJ3-85VF-FGMW...

GHSA-VVJ3-85VF-FGMW global-modules-path Command Injection vulnerability

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVE-2022-21191

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVE-2022-21191

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVE-2022-21191

CVE-2022-21191 concerns the npm package global-modules-path . Versions prior to 3.0.0 are vulnerable to a Command Injection via the internal getPath function caused by missing input sanitization and sandboxing. The result is a high-risk condition, with confirmed references across multiple sources...

PT-2023-12664 · Unknown · Global-Modules-Path

Name of the Vulnerable Software and Affected Versions: global-modules-path versions prior to 3.0.0 Description: The issue is related to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. This allows for potential exploitation...

global-modules-path 安全漏洞

global-modules-path is a utility that returns the path of a global installation package. A security vulnerability exists in global-modules-path versions prior to 3.0.0, which stems from a lack of cleaning of user input or a failure to sandbox the getPath function...

Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms

Drupal has released a security update to address a vulnerability affecting private vocabulary modules for Drupal 8.x. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms. CISA encourages users and administrators...

46c-sector (>=1.0.0 <=1.2.1), @aatishgh/antora_site_generator_lunr_custom (>=0.4.0 <=0.4.3) +430 more potentially affected by CVE-2023-0163 via convict (>=0.0.6 <=6.2.3)

convict NPM version =0.0.6, =1.0.0, =0.4.0, =0.0.1, =0.0.2, =1.0.0, =1.0.0, =1.0.0, =2.2.0, =0.0.1, =1.0.0, =0.0.1, =2.1.0, =2.0.0, =3.0.2 and more Source cves: CVE-2023-0163 Source advisory: OSV:GHSA-4JRM-C32X-W4JF...

Cross site scripting

A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site...

Subparse - Modular Malware Analysis Artifact Collection And Correlation Framework

Subparse, is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in a searchable web-viewer. The framework is modular, making use of a core parsing engine,...

cloud.piranha.extension:piranha-extension-hazelcast (>=21.11.0 <=22.2.0), cn.vertxup:infix-mysql (=0.8.1) +120 more potentially affected by CVE-2022-36437 via com.hazelcast:hazelcast (>=5.0 <=5.0.3)

com.hazelcast:hazelcast MAVEN version =5.0, =21.11.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.8.1 and more Source cves: CVE-2022-36437 Source advisory: OSV:GHSA-C5HG-MR8R-F6JP...

PT-2022-23918 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue allows for XSS via a malicious capability to the metrics or help module. This can be demonstrated by a URI such as "/!!&app=io.ox/files&cap=". Recommendations: For versions 7.10....

CVE-2022-33324

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSE...

Stack overflow

Deark v.1.6.2 was discovered to contain a stack overflow via the doprismreadpalette function at /modules/atari-img.c...

PT-2022-27852 · Microchip · Pic Lightblue Explorer Demo +1

Name of the Vulnerable Software and Affected Versions: Microchip RN4870 module firmware version 1.43 Microchip PIC LightBlue Explorer Demo version 4.2 DT100112 Description: The issue allows attackers to bypass passkey entry in legacy pairing. Recommendations: For Microchip RN4870 module firmware...

Metasploit Weekly Wrap-Up

A sack full of cheer from the Hacking Elves of Metasploit It is clear that the Metasploit elves have been busy this season: Five new modules, six new enhancements, nine new bug fixes, and a partridge in a pear tree are headed out this week! Partridge nor pear tree included. In this sack of goodie...

be.atbash.test:integration-testing (>=1.0.0 <=1.1.0), com.codbex.chronos:codbex-chronos-platform (>=0.3.0 <=0.5.4) +1091 more potentially affected by CVE-2022-46364 via org.apache.cxf:cxf-core (>=3.5.0 <=3.5.4)

org.apache.cxf:cxf-core MAVEN version =3.5.0, =1.0.0, =0.3.0, =0.3.0, =0.5.3, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.3.0 and more Source cves: CVE-2022-46364 Source advisory: OSV:GHSA-X3X3-QWJQ-8GJ4...