EUVD-2024-55605

launch-editor vulnerable to command injection via the crafted request on Windows...

CVE-2024-52011

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

CVE-2024-52011

The CVE affects the launch-editor component used with Node.js in vite prior to version 2.9.0, where insufficient sanitization of the file argument in launchEditor allowed an attacker to execute arbitrary commands on Windows by supplying a filename with special characters. The issue is resolved in...

OS Command Injection

@react-native-community/cli is vulnerable to OS Command Injection. The vulnerability is due to an exposed endpoint that accepts attacker-controlled POST data and passes it to system execution paths without proper sanitization, which allows an unauthenticated network attacker to run arbitrary...

EUVD-2021-21084

Malware in sbrugna...

EUVD-2019-0169

Malware in sbrugna...

DEBIAN-CVE-2024-56334

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

PHP 8.2.x < 8.2.20 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.20 advisory. - In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP- CGI on Windows, if the...

Yokogawa Rental & Lease Passage Drive 输入验证错误漏洞

The Yokogawa Rental & Lease Passage Drive is a passage drive endpoint from Yokogawa Rental & Lease, Japan. An input validation error vulnerability exists in Yokogawa Rental & Lease Passage Drive that stems from insufficient data validation of Passage Drive including inter-process communication,...

CVE-2021-26472

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges...

CVE-2018-6342

react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server either via CSRF or by direct reque...

Input validation

Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors...

HelpMe.pl

Winhlp32.exe Remote BufferOverrun exploit code. written by Gary O'leary-Steele Sec-1 Ltd. [email protected] For use as proof of concept Kernel32.dll version 5.0.2195.4272 Kernell32 jmp ebx 77E87793 $sploit = "\x55\x8b\xec\x8b\xc3". xc5 is ebp change if error "\xbe\xff\xff\xff\xff"...