CVE-2019-25362 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...

CVE-2019-25362

CVE-2019-25362 affects WMV to AVI MPEG DVD WMV Convertor 4.6.1217. It contains a stack-based buffer overflow in input handling that can be triggered by a crafted payload (~6000 bytes), overwriting license name and license code fields to execute arbitrary code and potentially spawn a bind shell on...

CVE-2019-25361 Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...

CVE-2019-25361

Ayukov NFTP client 1.71 contains a buffer overflow in the SYST command handling that enables remote code execution. A crafted SYST payload can trigger the overflow and execute a bind shell on port 5150. Public CVSS data indicate high to critical impact across confidentiality, integrity, and avail...

CVE-2019-25361 Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...

OpenClaw: Prevent shell injection in macOS keychain credential write

Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...

GHSA-4564-PVR2-QQ4H OpenClaw: Prevent shell injection in macOS keychain credential write

Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...

Exploit for Argument Injection in Gnu Inetutils

!Authorhttps://img.shields.io/badge/Author-Mohammed%20Idrees%...

DrakonixReverseShellPlayground

No d...

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the exec-approvals allowlist, when shell expansion is performed on argv tokens. An attacker can access sensitive files by supplying crafted arguments that leverage...

OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion

Summary OpenClaw's exec-approvals allowlist supports a small set of "safe bins" intended to be stdin-only no positional file arguments when running tools.exec.host=gateway|node with security=allowlist. In affected configurations, the allowlist validation checked pre-expansion argv tokens, but...

GHSA-XVHF-X56F-2HPP OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion

Summary OpenClaw's exec-approvals allowlist supports a small set of "safe bins" intended to be stdin-only no positional file arguments when running tools.exec.host=gateway|node with security=allowlist. In affected configurations, the allowlist validation checked pre-expansion argv tokens, but...

PT-2026-20369

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.8 through 2026.2.13 Description The software contains a command injection issue in the scripts/update-clawtributors.ts script. This affects contributors or maintainers, and CI systems, who execute bun...

PT-2026-20537

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...

PT-2026-20536

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...

PT-2026-23538

Name of the Vulnerable Software and Affected Versions openclaw versions prior to 2026.2.14 Description The OpenClaw exec-approvals allowlist validation checks tokens before expansion, but execution uses shell expansion. This allows safe binaries like head, tail, or grep to read arbitrary local...

📄 SAP NetWeaver 7.50 Visual Composer Metadata Shell Upload

SAP NetWeaver Visual Composer contains an unauthenticated file upload vulnerability in the metadata uploader component that allows attackers to upload arbitrary files including JSP web shells and WAR applications, leading to remote code execution on the SAP server. The vulnerability exists in the...

PT-2026-20567

Name of the Vulnerable Software and Affected Versions aquasecurity/trivy-action versions 0.31.0 through 0.33.1 Description A command injection issue exists in aquasecurity/trivy-action due to insufficient handling of action inputs when exporting environment variables. The action creates export VA...

PT-2026-20783

Name of the Vulnerable Software and Affected Versions systeminformation versions prior to 5.31.0 Description The systeminformation library for node.js is susceptible to command injection through unsanitized output from the locate command within the versions function. This occurs when detecting th...

Startup

Startup – Professional Write-up Platform: TryHackMe Tar...