Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks

APKLeaks prior to v2.0.4 allows remote authenticated attackers to execute arbitrary OS commands via package name inside the application manifest. Impact An authenticated attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or...

GHSA-8434-V7XW-8M9X Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks

APKLeaks prior to v2.0.4 allows remote authenticated attackers to execute arbitrary OS commands via package name inside the application manifest. Impact An authenticated attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or...

CVE-2021-21386 Improper Neutralization of Argument Delimiters in a Decompiling Package Process

APKLeaks is an open-source project for scanning APK file for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended commands or code to be...

Mozilla Arbitrary Code Execution / Privilege Escalation Vulnerability

Hi @ll, back in 2015 and 2016, I disclosed several BLOODY beginner's errors alias epic failures in Mozilla's PERMANENTLY vulnerable executable installers for Windows, built by completely incompetent tinkerers: Defense in depth -- the Mozilla way: return and exit codes are dispensable alias and...