EUVD-2007-4042

Malware in sbrugna...

AZL-79026 CVE-2022-41716 affecting package golang 1.25.7-1

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

DEBIAN-CVE-2022-41716

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

Code injection

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

CVE-2022-41716 Unsanitized NUL in environment variables on Windows in syscall and os/exec

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

CVE-2022-41716

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

PT-2022-6167 · Go +3 · Go +3

Name of the Vulnerable Software and Affected Versions: Go versions prior to the fixed version Description: The issue is related to unsanitized NUL values in environment variables on Windows. Attackers may exploit this behavior to set arbitrary environment variables. In syscall.StartProcess and...

go -- syscall, os/exec: unsanitized NUL in environment variables

The Go project reports: syscall, os/exec: unsanitized NUL in environment variables On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for invalid environment variable values. A malicious environment variable value could exploit this behavior to set a value for a different...

CVE-2019-5012

An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise the...

Privilege escalation

An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise the...

Wacom driver startProcess function elevation of privilege vulnerability

Wacom driver is a driver for connecting and managing platform computers. An input validation error vulnerability exists in the startProcess function in Wacom driver. The vulnerability originates from a network system or product that does not properly validate input data. An attacker could use the...

Microsoft Visual Studio PDWizard.ocx ActiveX vulnerability

Added: 09/30/2007 CVE: CVE-2007-4891 BID: 25638 OSVDB: 37106 Background Microsoft Visual Studio is a product for facilitating software development on Windows operating systems. Problem ActiveX controls contained in the PDWizard.ocx file in Microsoft Visual Studio 6.0 expose the StartProcess metho...

VMware vielib.dll StartProcess command execution

Added: 09/25/2007 CVE: CVE-2007-4058 BID: 25118 OSVDB: 42078 Background VMware is a suite of products supporting the creation and operation of virtual machines , which are self-contained, independent guest operating systems running within a host operating system. Problem The StartProcess function...

VMware vielib.dll StartProcess command execution

Added: 09/25/2007 CVE: CVE-2007-4058 BID: 25118 OSVDB: 42078 Background VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system. Problem The StartProcess function ...

Microsoft Visual Studio 6.0 (PDWizard.ocx) Remote Command Execution

No description provided by source. pre codespan style="font: 10pt Courier New;"span class="general1-symbol"body bgcolor="E0E0E0"------------------------------------------------------------------------------------------------------ bMicrosoft Visual Studio 6.0 PDWizard PDWizard.ocx = 6.0.0.9782...

Microsoft Visual Studio 6.0 (PDWizard.ocx) Remote Command Execution

No description provided by source. pre codespan style="font: 10pt Courier New;"span class="general1-symbol"body bgcolor="E0E0E0"------------------------------------------------------------------------------------------------------ bMicrosoft Visual Studio 6.0 PDWizard PDWizard.ocx = 6.0.0.9782...

msvs-pdwiz.txt

------------------------------------------------------------------------------------------------------ Microsoft Visual Studio 6.0 PDWizard PDWizard.ocx url: http://www.microsoft.com author: shinnai mail: shinnaiatautisticidotorg site: http://shinnai.altervista.org This was written for educationa...

Microsoft Visual Studio 6.0 - PDWizard.ocx Remote Command Execution

Microsoft Visual Studio 6.0 - PDWizard.ocx Remote Command Execution ------------------------------------------------------------------------------------------------------ Microsoft Visual Studio 6.0 PDWizard PDWizard.ocx url: http://www.microsoft.com author: shinnai mail: shinnaiatautisticidotorg...

VMware vielib.dll ActiveX控件远程代码执行漏洞

BUGTRAQ ID: 25118 VMware Workstation是一款非常流行的虚拟PC机软件。 VMware intraprocesslogging.dll ActiveX控件实现上存在漏洞，远程攻击者可能利用此漏洞在用户系统上执行任意指令。 VMware中所捆绑的vielib.dll库中的StartProcess方式没有验证是否被应用程序或恶意用户调用，如果用户受骗访问了恶意网页的话，调用了该库的应用程序就可能导致以登录用户的权限执行任意指令。 VMWare Workstation 6.0 临时解决方法：...

vmware-vielib-exec.txt

:. GOODFELLAS Security Research TEAM .: :. http://goodfellas.shellcode.com.ar .: vielib.dll 2.2.5.42958 VmWare Inc version 6.0.0 Remode Code Execution Exploit ============================================================================= Internal ID: VULWAR200707290. ----------- Introduction...