22 matches found
Arbitrary Argument Injection
Overview: n8n-nodes-base provides the base nodes of n8n. Affected versions of this package are vulnerable to Arbitrary Argument Injection in a push operation. A user with permission to create or modify workflows can read arbitrary files on the server by injecting CLI flags during workflow creation or...
CVE-2026-42866
Tookie is an advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...
Arbitrary Argument Injection
ggit is vulnerable to Arbitrary Argument Injection. The library fails to sanitize user input and mishandles command-line flags: it doesn't validate the URL scheme or properly pass arguments to the git binary using the necessary -- POSIX characters, allowing attacke...
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
CVE-2024-21533
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
CVE-2024-21533
GGIT is affected across all versions by Arbitrary Argument Injection via the clone() API. The root cause is failure to sanitize user input and validate URL schemes, plus improper handling of git command-line flags (using -- to end options). Public details include a PoC from Snyk and a GitHub gist...
GO-2023-1723 SpiceDB binding metrics port to untrusted networks and can leak command-line flags in github.com/authzed/spicedb
SpiceDB binding metrics port to untrusted networks and can leak command-line flags in github.com/authzed/spicedb...
GHSA-6F9P-G466-F8V8 blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API
Versions of the blamer package before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API
Versions of the blamer package before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...
CVE-2023-26143
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...
Input validation
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...
CVE-2019-14944
CVE-2019-14944 affects GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. The issue in Gitaly allows injection of command-line flags, which can lead to privilege escalation or remote code execution. Affected component is the Gitaly binary used by Gi...
CVE-2023-29193 SpiceDB binding metrics port to untrusted networks and can leak command-line flags
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The...
PT-2023-2479 · Spicedb · Spicedb
Name of the Vulnerable Software and Affected Versions: SpiceDB versions prior to 1.19.1. Description: The issue is related to the SpiceDB database system, specifically with the /debug/pprof/cmdline endpoint served by the metrics service, which reveals command-line flags provided for debugging...
Jeeves - Time-Based Blind SQLInjection Finder
Jeeves is made for finding Time-Based Blind SQL Injection through recon. - Installation & Requirements: Installing Jeeves $ go install github.com/ferreiraklet/Jeeves@latest OR $ git clone https://github.com/ferreiraklet/Jeeves.git $ cd Jeeves $ go build jeeves.go $ chmod +x jeeves $ ./jeeves...
Ransomware-Simulator - Ransomware Simulator Written In Golang
The goal of this repository is to provide a simple, harmless way to check your AV's protection against ransomware. This tool simulates typical ransomware behaviour, such as: staging from a Word document macro; deleting Volume Shadow Copies; encrypting documents embedded and dropped by the simulator into...
Python Multi Threaded Tor Proxy: pyMultitor
Python Multi Threaded Tor Proxy. Installation prerequisites: Python 2.7+. A C compiler, Python headers, etc. are needed to compile several dependencies. On Ubuntu, sudo apt-get install -y build-essential libssl-dev python-setuptools python-pip python-wheel python-dev On Fedora, sudo dnf install -y...