
554 matches found

Cvelist
added 2022/12/16 12:0 a.m. · 15 views

CVE-2022-45796 SHARP Multifunction Printer - Command Injection

Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System Monochrome 200 or...

CVSS 9.1 · AI score 9.8 · EPSS 0.02795
Exploits 1 · References 4

Positive Technologies
added 2022/12/16 12:0 a.m. · 2 views

PT-2022-27644 · Sharp · Sharp Digital Multifunctional System +1

Name of the Vulnerable Software and Affected Versions: SHARP Digital Full-color Multifunctional System versions 202 or earlier SHARP Digital Full-color Multifunctional System versions 120 or earlier SHARP Digital Full-color Multifunctional System versions 600 or earlier SHARP Digital Full-color...

CVSS 9.1 · AI score 8.4 · EPSS 0.02795
Exploits 1 · References 6

CVE
added 2022/12/16 12:0 a.m. · 69 views

CVE-2022-45796

CVE-2022-45796 affects SHARP Digital Full-color Multifunctional System and related monochrome MFPs. The vulnerability is a command injection in the nw_interface.html component, enabling remote attackers with network access to execute arbitrary commands on affected devices. Affected versions inclu...

CVSS 9.1 · AI score 8 · EPSS 0.02795
Exploits 1 · References 4 · Affected Software 1

CNNVD
added 2022/10/29 12:0 a.m. · 2 views

Stimulsoft Security Vulnerability

Stimulsoft Stimulsoft Reports is an excellent set of reporting components for the .NET platform from Stimulsoft. NET platform for processing reports in JavaScript applications. A security vulnerability exists in Stimulsoft version 2013.1.1600.0, which stems from a vulnerability that allows an...

CVSS 9.8 · AI score 8.8 · EPSS 0.00454
Exploits 1 · References 2

Kitploit
added 2022/09/26 11:30 a.m. · 24 views

SharpNamedPipePTH - Pass The Hash To A Named Pipe For Token Impersonation

This project is a C# tool to use Pass-the-Hash for authentication on a local Named Pipe for user Impersonation. You need a local administrator or SEImpersonate rights to use this. There is a blog post for explanation: https://s3cur3th1ssh1t.github.io/Named-Pipe-PTH/ It is heavily based on the code...

AI score 7.7
Exploits 0 · References 3

Openbugbounty
added 2022/09/17 5:8 p.m. · 15 views

sharpimagesalonspa.ca Cross Site Scripting vulnerability OBB-2931621

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

Github Security Blog
added 2022/06/01 7:58 p.m. · 38 views

sharp vulnerable to Command Injection in post-installation over build environment

There's a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their...

CVSS 6.7 · AI score 6.5 · EPSS 0.00164
Exploits 0 · References 5 · Affected Software 1

vulnersOsv
added 2022/06/01 7:58 p.m. · 1 views

10secondsofcode-custom (=1.0.0), 11ty-dither (>=0.0.1 <=0.0.8) +4022 more potentially affected by CVE-2022-29256 via sharp (>=0.10.1 <=0.30.4)

sharp NPM version =0.10.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.1, =4.11.0, =1.0.0, =0.16.0, =0.1.0, =1.0.1-beta.1 and more Source cves: CVE-2022-29256 Source advisory: OSV:GHSA-GP95-PPV5-3JC5...

CVSS 6.7 · AI score 6.6 · EPSS 0.00164
Exploits 0

OSV
added 2022/06/01 7:58 p.m. · 1 views

GHSA-GP95-PPV5-3JC5 sharp vulnerable to Command Injection in post-installation over build environment

There's a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their...

CVSS 6.5 · AI score 6 · EPSS 0.00164
Exploits 0 · References 5

Veracode
added 2022/05/27 6:31 a.m. · 18 views

Arbitrary Command Injection

sharp is vulnerable to arbitrary command injection. An attacker is able to set the value of the PKG_CONFIG_PATH environment variable in a build environment which allows arbitrary command injection at npm install time...

CVSS 6.7 · AI score 7.2 · EPSS 0.00164
Exploits 0 · References 2 · Affected Software 1

NVD
added 2022/05/25 10:15 p.m. · 8 views

CVE-2022-29256

sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKG_CONFIG_PATH...

CVSS 6.7 · EPSS 0.00164
Exploits 0 · References 2

CVE
added 2022/05/25 9:20 p.m. · 82 views

CVE-2022-29256

CVE-2022-29256 affects sharp (Node.js image processing) versions prior to 0.30.5. If an attacker can control PKG_CONFIG_PATH in the build environment, they may inject arbitrary commands at npm install time (not a runtime issue; Windows builds are not affected). The issue is fixed in sharp v0.30.5...

CVSS 6.7 · AI score 6.4 · EPSS 0.00164
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/05/25 9:20 p.m. · 11 views

CVE-2022-29256 Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment

sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKG_CONFIG_PATH...

CVSS 6.5 · AI score 6.7 · EPSS 0.00164
Exploits 0 · References 2

CNNVD
added 2022/05/25 12:0 a.m. · 1 views

sharp Operating System Command Injection Vulnerability

sharp is a program by the individual developers at lovell for converting large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF and AVIF images of different sizes. An operating system command injection vulnerability exists in versions prior to sharp 0.30.5. An attacker can...

CVSS 6.7 · AI score 6.9 · EPSS 0.00164
Exploits 0 · References 3

Positive Technologies
added 2022/05/25 12:0 a.m. · 2 views

PT-2022-19504 · Npm · Sharp

Name of the Vulnerable Software and Affected Versions: sharp versions prior to 0.30.5 Description: The issue is related to a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set th...

CVSS 6.7 · AI score 6.4 · EPSS 0.00164
Exploits 0 · References 9

The Hacker News
added 2022/02/09 10:46 a.m. · 137 views

Russian APT Hackers Used COVID-19 Lures to Target European Diplomats

The Russia-linked threat actor known as APT29 targeted European diplomatic missions and Ministries of Foreign Affairs as part of a series of spear-phishing campaigns mounted in October and November 2021. According to ESET's T3 2021 Threat Report shared with The Hacker News, the intrusions paved t...

CVSS 7.8 · AI score 0.4 · EPSS 0.90423
Exploits 11

Openbugbounty
added 2022/01/25 12:40 p.m. · 11 views

sharpimagesalonspa.ca Cross Site Scripting vulnerability OBB-2345740

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

0day.today
added 2021/12/28 12:0 a.m. · 603 views

Microsoft Windows Explorer Preview Pane Security Bypass Vulnerability

Previewing a WMA/WMV media format on Windows Explorer through its Preview Pane causes embedded URLs to be automatically opened in the default browser without displaying any prompt. Exploit Title: Windows Explorer Preview Pane WMV/WMA media Automatic URI Opening Vulnerability Exploit Author: Eduar...

AI score 6.9
Exploits 0

Gitee
added 2021/09/27 2:59 p.m. · 3 views

Exploit for CVE-2021-1675

C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527...

CVSS 9.3 · AI score 8.9 · EPSS 0.94314
Exploits 75

Japan Vulnerability Notes
added 2021/09/17 6:13 a.m. · 4 views

Multiple vulnerabilities in Sharp NEC Display Solutions' public displays

Overview Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities listed below. Command Injection CWE-77 - CVE-2021-20698 Buffer Overflow CWE-120 - CVE-2021-20699 Howard McGreehan of Aon's Cyber Solutions reported these vulnerabilities to Sharp NEC...

CVSS 10 · AI score 7.5 · EPSS 0.00527
Exploits 0 · References 9