The vulnerabilities of event monitoring platforms, threat detection systems, and security analytics tools from IBM QRadar Suite and IBM Cloud Pak for Security are related to information leaks through process environments, allowing attackers to gain unauthorized access to protected information.

The vulnerabilities of event monitoring platforms, threat detection systems, and security analytics tools from IBM QRadar Suite and IBM Cloud Pak for Security are related to information leaks through the process environment. Exploiting these vulnerabilities can allow attackers operating remotely ...

Autodesk AutoCAD Buffer Error Vulnerability

Autodesk AutoCAD is a suite of professional 3D drawing software from the American company Autodesk. A security vulnerability exists in Autodesk AutoCAD. An attacker could exploit this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the current process environmen...

Foxit PDF Reader Remote Code Execution Vulnerability (CNVD-2023-23566)

Foxit PDF Reader is China Foxit Foxit company a PDF reader. A remote code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute code in the current process environment...

Foxit PDF Editor Remote Code Execution Vulnerability (CNVD-2023-23560)

Foxit PDF Editor is China Foxit Foxit company a PDF editor. Foxit PDF Editor has a remote code execution vulnerability that can be exploited by an attacker to execute code in the current process environment...

TinaCMS 日志信息泄露漏洞

TinaCMS is an open source headless CMS for Markdown, MDX and JSON. A log information disclosure vulnerability exists in TinaCMS versions prior to 1.0.9, which stems from sensitive values stored in the process.env variable being added in plaintext to the index.js file...

Huan - Encrypted PE Loader Generator

Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently, it works on 64 bit PE files. How It Works? First, Huan...

kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service

By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the /proc//cmdline or /proc//environ files to block indefinitely...

kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service

By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the /proc//cmdline or /proc//environ files to block indefinitely...

GHSA-P62R-JF56-H429 Malicious Package in evil-package

All versions of evil-package contain malicious code. The package uploads the contents of process.env to example.com/log. Recommendation Remove the package from your environment. Given the host where the information was uploaded to there is no further indication of compromise...

PowerShell-Suite

This repository is an offensive tool for Windows UAC User Account Control bypass. The tool, named "Bypass-UAC," provides a framework to perform UAC bypasses based on auto-elevating IFileOperation COM object method calls. It rewrites PowerShell's PEB Portable Executable Binary to give it the...

CVE-2015-3159

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool ABRT does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges...

Sandbox Breakout / Arbitrary Code Execution

Overview All versions of @zhaoyao91/eval-in-vm are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through this.constructor.constructor . This may allow attackers to execute arbitrary code in the system. Evaluating the payloa...

CVE-2019-11820

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline...

Information disclosure

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline...

CVE-2019-11820

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline...

CVE-2019-11820

Synology Calendar prior to 2.3.3-0620 contains an information exposure via the process environment that allows local users to obtain credentials through the command line. Affected product: Synology Calendar. Vulnerable item: process/environment handling leading to credential leakage. Impact: cred...

abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache

It was discovered that the abrt-action-install-debuginfo-to-abrt-cache helper program did not properly filter the process environment before invoking abrt-action-install-debuginfo. A local attacker could use this flaw to escalate their privileges on the system...

HP Tru64 Alpha OSF1 5.1 - (ps) Information Leak Exploit

No description provided by source. !/bin/ksh osf1tru64ps.ksh exploit Tested on OSF1 V5.1 1885 alpha ps executable - information leak Author: Andrea bunker Purificato http://rawlab.mindcreations.com the ps command also /usr/ucb/ps on HP OSF1 v5.1 Alpha, developed without an eye to security, allows...

HP Tru64 Alpha OSF1 v5.1 (ps) Information Leak Exploit

No description provided by source. !/bin/ksh osf1tru64ps.ksh exploit Tested on OSF1 V5.1 1885 alpha ps executable - information leak Author: Andrea "bunker" Purificato http://rawlab.mindcreations.com the "ps" command also /usr/ucb/ps on HP OSF1 v5.1 Alpha, developed without an eye to security,...

CVE-2006-6622

Soft4Ever Look 'n' Stop LnS 2.05p2 before 20061215 relies on the Process Environment Block PEB to identify a process, which allows local users to bypass the product's controls on a process by spoofing the 1 ImagePathName, 2 CommandLine, and 3 WindowTitle fields in the PEB...