59 matches found
Out-of-bounds array access leads to panic
Affected versions of the crate have a bug where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it is not...
Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...
CVE-2022-40898
An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...
Exploring a New Class of Kernel Exploit Primitive
The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One particularly interesting primitive we see is an arbitrary kernel pointer read. These often happen whe...
ALPINE-CVE-2021-43301
Stack overflow in PJSUA API when calling pjsuaplaylistcreate. An attacker-controlled 'filenames' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation...
Cross site scripting
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization...
log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint...
Type confusion
The npm package "striptags" is an implementation of PHP's striptags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause striptags to concatenate unsanitized strings when an array-like object is passed in as the html parameter. This can be abused by an attack...
Input validation
This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
CVE-2021-23381
This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
CVE-2021-23359
This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...
CVE-2021-26917
PyBitmessage (versions up to 0.6.3.2) is affected by CVE-2021-26917. A crafted apinotifypath value can cause the application to write screen captures to potentially unwanted directories on the local host. The public descriptions note that there is no evidence these screen intercepts are transport...
Code injection
Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker...
CVE-2020-8137
Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker...
xterm.js: Mishandling of special characters allows for remote code execution
It was found that xterm.js does not sanitize terminal escape sequences in browser terminals allowing for execution of arbitrary commands. An attacker could exploit this by convincing a user with a xterm.js browser terminal to display an escape sequence by, for example, reading a from a log file...
Debian DSA-4347-1 : perl - security update
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-18311 Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perlmysete...
Vermillion FTP Daemon - 'PORT' Memory Corruption (Metasploit)
$Id: vermillionftpdport.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Design/Logic Flaw
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA formerly Computer Associates products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server...
CVE-2007-3336
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA formerly Computer Associates products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server...