169 matches found
SwiftTerm 安全漏洞
SwiftTerm is a VT100/Xterm terminal emulator library for Swift applications from the individual developer Miguel de Icaza. SwiftTerm suffers from a security vulnerability that stems from the fact that an attacker can modify the window title with a specific character escape sequence and then inser...
NuProcess vulnerable to command-line injection through insertion of NUL character(s)
Impact In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's ProcessBuilder isn't vulnerable because of a check in...
Design/Logic Flaw
NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's...
UBUNTU-CVE-2022-39243
NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's...
CVE-2022-39243 NuProcess vulnerable to command-line injection through insertion of NUL character(s)
NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's...
CVE-2022-39243 NuProcess vulnerable to command-line injection through insertion of NUL character(s)
NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's...
PT-2022-24837 · Nuprocess · Nuprocess
Name of the Vulnerable Software and Affected Versions: NuProcess versions 1.2.0 through 2.0.4 Description: NuProcess is an external process execution implementation for Java that is vulnerable to command line injection attacks. Attackers can use NUL characters in their strings to inject command...
CVE-2022-36035 Flux CLI Workload Injection
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration like Git repositories, and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allow...
ThoughtWorks GoCD Information Disclosure Vulnerability
ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. An information disclosure vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker with the right to create a new pipeline on the GoCD server by abusing the Git U...
CVE-2021-43286
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...
CVE-2021-43286
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...
ThoughtWorks GoCD 信息泄露漏洞
ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. An information disclosure vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker with the right to create a new pipeline on the GoCD server by abusing the Git U...
Design/Logic Flaw
A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...
CVE-2020-12124
Summary of verified details : The WAVLINK WN530H4 device is affected by a remote command-injection vulnerability in the /cgi-bin/live_api.cgi endpoint. Technical content in the connected nuclei template confirms unauthenticated command execution as root, with high-risk impact. The vulnerability a...
CVE-2020-12124
A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...
The Return of Raining SYSTEM Shells with Citrix Workspace app
TL;DR Back in July I documented a new Citrix Workspace vulnerability that allowed attackers to remotely execute arbitrary commands under the SYSTEM account. Well after some further investigation on the initial fix I discovered a new vector that quite frankly should not exist at all since the...
CVE-2020-8797
Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call aka Command Line Injection, if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network...
CVE-2020-8797
Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call aka Command Line Injection, if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network...
CVE-2020-8797
Juplink RX4-1500 v1.0.3 is affected by CVE-2020-8797 due to a command injection from an unsanitized exec call when the telnetd service is enabled and an admin can authenticate from the local network. This allows a local attacker to gain root access to the Linux subsystem. The connected sources pr...
CVE-2018-1002101
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection...