59 matches found
Eclipse Che Security Vulnerability
Eclipse Che is an open source, Java-based online integrated development environment (IDE) from the Eclipse Foundation. A security vulnerability exists in Eclipse Che, which stems from a security issue in the language stack build of Eclipse Che version 6. An attacker who successfully exploited the...
Lex Li vscode-restructuredtext Access Control Error Vulnerability
Lex Li vscode-restructuredtext is an open source application by Lex Li. This extension provides rich reStructuredText language support for Visual Studio Code. An access control error vulnerability exists in versions prior to Lex Li vscode-restructuredtext 146.0.0, which stems from the inclusion of an...
Microsoft Azure Sphere mount namespace unsigned code execution vulnerability
Summary: An unsigned code execution vulnerability exists in the mount namespace functionality of Microsoft Azure Sphere 21.01. A specially crafted shellcode could allow an adversary to execute an arbitrary binary in a tmpfs mount, leading to unsigned code execution. An attacker can switch to a new...
CVE-2021-29658
The CVE-2021-29658 entry concerns the vscode-rufo extension for Visual Studio Code, specifically versions before 0.0.4. The vulnerability allows an attacker to execute arbitrary binaries/code when a user opens a crafted workspace folder. Concrete details across connected documents consistently de...
CVE-2021-28956
The unofficial vscode-sass-lint aka Sass Lint extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Microsoft Visual Studio Code Security Vulnerability
Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation, USA. A security vulnerability in Microsoft Visual Studio Code vscode-sass-lint 1.0.7 allows an attacker to execute arbitrary binaries when a user opens a crafted workspace...
Abstrium Pydio Cells Input Validation Error Vulnerability (CNVD-2020-33353)
Abstrium Pydio Cells is a next-generation file-sharing platform developed in the Go language by Abstrium France. A security vulnerability exists in Abstrium Pydio Cells version 2.0.4. The vulnerability can be exploited to allow an attacker to execute arbitrary binaries...
CVE-2020-12847
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is...
CVE-2020-12847
CVE-2020-12847 affects Pydio Cells 2.0.4. An authenticated administrator can modify the mailer configuration (sendmail engine) and change the path to the sendmail binary without restriction, allowing execution of an arbitrary binary on the server. This is part of a set of vulnerabilities disclose...
CVE-2019-11200
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. Malicious binaries can be...
Input validation
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. Malicious binaries can be...
UBUNTU-CVE-2019-11200
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. Malicious binaries can be...
USN-4047-1 libvirt vulnerabilities
Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile...
FortiOS local privilege escalation via malicious use of USB storage devices
An admin user with superadmin privileges can execute an arbitrary binary contained on a USB drive plugged into a FortiGate, by linking the aforementioned binary to a command that is allowed to be run by the fnsysctl CLI command...
CVE-2018-5380
A vulnerability was found in Quagga, in the log formatting code. Specially crafted messages sent by BGP peers could cause Quagga to read one element past the end of certain static arrays, causing arbitrary binary data to appear in the logs or potentially, a crash...
cvs security problem
I found two security problems in cvs-1.10.8. 1 A committer can execute any binary in server using CVS/Checkin.prog or CVS/Update.prog. A committer can execute arbitrary binary on a cvs server using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when t...
cvs-1.10.8.txt
I found two security problems in cvs-1.10.8. 1 A committer can execute any binary in server using CVS/Checkin.prog or CVS/Update.prog. A committer can execute arbitrary binary on a cvs server using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when t...
CVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution
source: https://www.securityfocus.com/bid/1524/info A CVS committer can execute arbitrary binaries by using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when the directory is "checkout"ed and...
CVS Kit CVS Server 1.10.8 - 'Checkin.prog' Binary Execution
source: https://www.securityfocus.com/bid/1524/info A CVS committer can execute arbitrary binaries by using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when the directory is "checkout"ed and it is sent back to the server and executed with committin...