Lucene search

1944 matches found

CNNVD
added 2025/01/09 12:0 a.m. · 2 views

Node.js Security Vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment open-sourced by Node.js. A security vulnerability exists in Node.js that stems from mishandling of batch files, which allows malicious command line arguments to inject arbitrary commands and enable code execution even if she...

CVSS 8.1 · AI score 8.6 · EPSS 0.00369
Exploits: 0 · References: 5

Debian CVE
added 2025/01/07 7:18 p.m. · 6 views

CVE-2025-0218

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-creat...

CVSS 7.1 · AI score 5.6 · EPSS 0.00058
Exploits: 0

GithubExploit
added 2024/12/31 7:43 a.m. · 132 views

Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony

More PoCs at https://pc.fenchuan8.com//index?for...

CVSS 9.8 · AI score 7.4 · EPSS 0.94011
Exploits: 6

OSV
added 2024/12/27 3:15 p.m. · 1 views

UBUNTU-CVE-2024-56668

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain The qi_batch is allocated when assigning cache tag for a domain. While for nested parent domain, it is missed. Hence, when trying to map pages to the nested parent, NU...

CVSS 5.5 · AI score 6.5 · EPSS 0.00068
Exploits: 0 · References: 5

Positive Technologies
added 2024/12/27 12:0 a.m. · 1 views

PT-2024-36978 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.0-rc1-00028-g4b50c3c3b998-dirty Description: A NULL pointer dereference issue has been resolved in the Linux kernel's iommu/vt-d component. The issue occurs when trying to map pages to a nested parent domai...

CVSS 5.5 · AI score 7.4 · EPSS 0.00068
Exploits: 0 · References: 13

GithubExploit
added 2024/12/25 5:19 a.m. · 1083 views

Exploit for Path Traversal in Iptanus Wordpress_File_Upload

The script is only intended for authorization system detection...

CVSS 9.8 · AI score 7.5 · EPSS 0.93618
Exploits: 4

GithubExploit
added 2024/12/20 5:24 a.m. · 500 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat

More PoCs at https://pc.fenchuan8.com//index?forum=101158&yqm=DGR4X...

CVSS 9.8 · AI score 9.2 · EPSS 0.84587
Exploits: 12

OSV
added 2024/12/16 1:53 p.m. · 17 views

BIT-NODE-MIN-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

CVSS 8.1 · AI score 7.5 · EPSS 0.00261
Exploits: 0 · References: 4

VulnCheck KEV
added 2024/12/06 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2023-32233

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled...

CVSS 7.8 · AI score 6.8 · EPSS 0.01004
Exploits: 7 · References: 1

Positive Technologies
added 2024/11/29 12:0 a.m. · 2 views

PT-2024-35766 · Siyuan · Siyuan

Name of the Vulnerable Software and Affected Versions: Siyuan version 3.1.11 Description: A SQL injection issue has been identified in Siyuan via the ids array parameter in the "/batchGetBlockAttrs" API endpoint. This allows for potential exploitation. Recommendations: For Siyuan version 3.1.11, ...

CVSS 9.8 · AI score 8 · EPSS 0.00442
Exploits: 1 · References: 7

Spring Engineering
added 2024/11/26 12:0 a.m. · 9 views

This Week in Spring - November 26th, 2024

This Week in Spring - November 26th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! Happy Spring Boot 3.4 release month to those who celebrate! And, also, Happy Thanksgiving to those who celebrate! Spring Boot 3.4 brings with it long-anticipated updates to the entire...

AI score 7.1
Exploits: 0

Spring Engineering
added 2024/11/24 12:0 a.m. · 11 views

Bootiful Spring Boot 3.4: Spring Batch

The new release of Spring Batch 5.2 has a ton of features! Spring Batch is a compelling way to handle large but finite sequential data access. Think: reading from an SQL database and writing to a CSV, or reading from an FTP server and writing out an analysis of a MongoDB - batch processing. You...

AI score 7.8
Exploits: 0

OSV
added 2024/11/22 8:15 p.m. · 1 views

CVE-2024-6248

Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The...

CVSS 7.5 · AI score 5.8 · EPSS 0.01984
Exploits: 0 · References: 2

GithubExploit
added 2024/11/19 5:26 p.m. · 326 views

Exploit for OS Command Injection in Paloaltonetworks Pan-Os

🌟 CVE-2024-9474 Exploit Tool 🌟 🔧 Usage...

CVSS 7.2 · AI score 9.8 · EPSS 0.94174
Exploits: 14

OSV
added 2024/11/08 3:7 p.m. · 2 views

OESA-2024-2363 dcraw security update

This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras. Security Fixes: CVE-2017-13735 CVE-2017-14608 A stack-based buffer overflow in the findgreen function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remot...

CVSS 9.1 · AI score 7.7 · EPSS 0.00689
Exploits: 1 · References: 4

OSSF Malicious Packages
added 2024/11/06 6:46 p.m. · 4 views

Malicious code in larger-batch-ctr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 656e9c562903fe04cc05fafcf53492252e227e586138c11099ab475fcde70aee A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

AI score 7.1
Exploits: 0 · References: 1

SUSE CVE
added 2024/11/06 3:49 a.m. · 1 views

SUSE CVE-2024-50090

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer By default xe_bb_create_job appends a MI_BATCH_BUFFER_END to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at eac...

CVSS 5.5 · AI score 8 · EPSS 0.00014
Exploits: 0 · References: 5

OSV
added 2024/11/05 5:15 p.m. · 1 views

DEBIAN-CVE-2024-50090

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer By default xe_bb_create_job appends a MI_BATCH_BUFFER_END to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at eac...

CVSS 5.5 · AI score 6 · EPSS 0.00014
Exploits: 0 · References: 1

OSV
added 2024/11/05 5:15 p.m. · 2 views

AZL-52816 CVE-2024-50090 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer By default xe_bb_create_job appends a MI_BATCH_BUFFER_END to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at eac...

CVSS 5.5 · AI score 6.5 · EPSS 0.00014
Exploits: 0 · References: 1

OSV
added 2024/11/05 5:15 p.m. · 4 views

AZL-52617 CVE-2024-50090 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer By default xe_bb_create_job appends a MI_BATCH_BUFFER_END to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at eac...

CVSS 5.5 · AI score 6.6 · EPSS 0.00014
Exploits: 0 · References: 1