GHSA-RJ44-GPJC-29R7 [thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values
Impact: Potential for arbitrary code execution in gpg-tagged property values only if decrypt: true option is enabled. Patches: A fix has already been released as v0.4.0. Workarounds: By default, EGF parse functions do NOT attempt to decrypt values since GPG is only available in non-browser env. Howeve...
CVE-2021-21412 [thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values
Potential for arbitrary code execution in npm package @thi.ng/egf gpg-tagged property values only if decrypt: true option is enabled. A PR with the patch has been submitted and has been released as of v0.4.0. By default the EGF parse functions do NOT attempt to decrypt values since GPG only availab...
CVE-2020-15778
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a...
CVE-2019-20857
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters...
Command injection
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT%' parameter value containing Perl backtick characters...
CVE-2006-2043
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI)...
TWiki Search.pm shell command injection
Added: 04/06/2006. CVE: CVE-2004-1037. BID: 11674. OSVDB: 11714. Background: TWiki is a web-based collaboration platform written in Perl. Problem: The Search.pm module does not sufficiently check search strings for illegal characters, allowing remote attackers to execute commands using search strings...