42 matches found

Positive Technologies
added 2023/01/09 12:0 a.m. · 2 views

PT-2023-12829 · Wifey · Wifey

Name of the Vulnerable Software and Affected Versions: wifey (affected versions not specified). Description: The issue is related to Command Injection via the connect function due to improper input sanitization. This allows for potential exploitation. No information is provided about the estimated...

9.8 CVSS · 7.5 AI score · 0.01502 EPSS
Exploits: 1 · References: 6
CNNVD
added 2023/01/09 12:0 a.m. · 2 views

npm wifey Security Vulnerability

npm wifey is a NodeJS tool for managing wifi from the US company npm. A security vulnerability exists in wifey, which stems from improper sanitization of user input. An attacker can exploit this vulnerability to perform command injection via the connect function...

9.8 CVSS · 8.4 AI score · 0.01502 EPSS
Exploits: 1 · References: 2
Snyk
added 2022/12/19 11:41 a.m. · 1 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the connect function due to improper input sanitization. PoC (js): var wifey = require('wifey'); wifey.init(); wifey.connect({"ssid": "';touch EXPLOITED;"}); Remediation: There is no fixed version for wifey. Credit: JHU System...

9.8 CVSS · 7.3 AI score · 0.01502 EPSS
Exploits: 1 · References: 2
CNNVD
added 2022/02/09 12:0 a.m. · 1 views

MariaDB Format String Error Vulnerability

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A format string error vulnerability exists in MariaDB due to a format string error in the CONNECT function implementation. A remote user wi...

7.8 CVSS · 8.5 AI score · 0.00057 EPSS
Exploits: 0 · References: 22
Positive Technologies
added 2021/01/07 12:0 a.m. · 2 views

PT-2021-8149 · Git +5 · Git +5

Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.30.1. Description: The issue is related to the git_connect_git function in the connect.c component of the Git distributed version control system. It allows a repository path to contain a newline character, which may...

9.8 CVSS · 6.8 AI score · 0.61881 EPSS
Exploits: 12 · References: 74
Exploit DB
added 2020/02/26 12:0 a.m. · 126 views

Core FTP LE 2.2 - Denial of Service (PoC)

Exploit Title: Core FTP LE 2.2 - Denial of Service PoC; Date: 2020-25-02; Exploit Author: Ismael Nava; Vendor Homepage: http://www.coreftp.com/; Software Link: http://www.coreftp.com/download.html; Version: 2.2 build 1947; Tested on: Windows 10 Home x64; CVE: n/a. STEPS: Open the program Core FTP LE In...

7.4 AI score
Exploits: 0
Positive Technologies
added 2018/09/07 12:0 a.m. · 2 views

PT-2018-1557 · Protonvpn · Protonvpn Vpn Client

Name of the Vulnerable Software and Affected Versions: ProtonVPN VPN client version 1.5.1. Description: A code execution issue exists in the connect functionality of the ProtonVPN VPN client, allowing for privilege escalation. This can be triggered by a specially crafted configuration file, enabli...

9.3 CVSS · 8.6 AI score · 0.00519 EPSS
Exploits: 2 · References: 7
OSV
added 2017/03/24 3:59 p.m. · 0 views

UBUNTU-CVE-2016-10130

The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...

5.9 CVSS · 6.6 AI score · 0.00699 EPSS
Exploits: 0 · References: 3
NVD
added 2015/10/21 6:59 p.m. · 9 views

CVE-2015-7698

icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php...

9 CVSS · 7.1 AI score · 0.00913 EPSS
Exploits: 0 · References: 2
Prion
added 2015/10/21 6:59 p.m. · 18 views

Command injection

icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php...

9 CVSS · 7.7 AI score · 0.00913 EPSS
Exploits: 0 · References: 2 · Affected Software: 2
CNVD
added 2015/03/11 12:0 a.m. · 3 views

WebGate eDVR Manager WESPMonitor.WESPMonitorCtrl.1 ActiveX Control Memory Misreference Vulnerability

WebGate eDVR Manager is an eDVR software manager from WebGate Korea. A memory misreference vulnerability exists in the 'Connect' function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control of WebGate eDVR Manager. A remote attacker could exploit this vulnerability to execute arbitrary code via ...

6.8 CVSS · 7.9 AI score · 0.01792 EPSS
Exploits: 0 · References: 1
CNVD
added 2015/03/11 12:0 a.m. · 2 views

WebGate WebEyeAudio ActiveX Control Stack Buffer Overflow Vulnerability

WebGate WebEyeAudio ActiveX control is a Web-based camera audio control from WebGate Korea. A stack buffer overflow vulnerability exists in the 'Connect' function in the WebGate WebEyeAudio ActiveX control. A remote attacker can exploit this vulnerability to execute arbitrary code with the help o...

6.8 CVSS · 8.2 AI score · 0.03241 EPSS
Exploits: 0 · References: 1
NVD
added 2015/03/09 2:59 p.m. · 9 views

CVE-2015-2096

Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP address and a page reload...

6.8 CVSS · 7.6 AI score · 0.01792 EPSS
Exploits: 0 · References: 2
NVD
added 2015/03/09 2:59 p.m. · 11 views

CVE-2015-2093

Stack-based buffer overflow in the Connect function in the WebGate WebEyeAudio ActiveX control allows remote attackers to execute arbitrary code via a crafted value...

6.8 CVSS · 8 AI score · 0.03241 EPSS
Exploits: 0 · References: 2
ATTACKERKB
added 2015/03/09 2:59 p.m. · 3 views

CVE-2015-2096

Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP address and a page reload...

6.8 CVSS · 6.2 AI score · 0.01792 EPSS
Exploits: 0 · References: 4
Prion
added 2015/03/09 2:59 p.m. · 12 views

Stack overflow

Stack-based buffer overflow in the Connect function in the WebGate WebEyeAudio ActiveX control allows remote attackers to execute arbitrary code via a crafted value...

6.8 CVSS · 8.6 AI score · 0.03241 EPSS
Exploits: 0 · References: 2
ATTACKERKB
added 2015/03/09 2:59 p.m. · 4 views

CVE-2015-2093

Stack-based buffer overflow in the Connect function in the WebGate WebEyeAudio ActiveX control allows remote attackers to execute arbitrary code via a crafted value...

6.8 CVSS · 6.4 AI score · 0.03241 EPSS
Exploits: 0 · References: 4
Cvelist
added 2015/03/09 2:0 p.m. · 17 views

CVE-2015-2096

Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP address and a page reload...

8.9 AI score · 0.01792 EPSS
Exploits: 0 · References: 2
CVE
added 2015/03/09 2:0 p.m. · 47 views

CVE-2015-2096

WebGate eDVR Manager exposes the WESPMonitor.WESPMonitorCtrl.1 ActiveX control. CVE-2015-2096 is a use-after-free in the Connect() method that can allow remote code execution when an attacker provides an invalid IP address and reloads the page. The vulnerability is triggered by a freed pointer be...

6.8 CVSS · 8.9 AI score · 0.01792 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
myhack58
added 2014/09/07 12:0 a.m. · 22 views

ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit: vulnerability and attack code analysis

Exploit code URL: ! 1. Operating environment: (1) ProFTPD 1.3.0/1.3.0a; (2) ProFTPD must be compiled with the --enable-ctrls option enabled (./configure --enable-ctrls); (3) the local user needs permission to connect through the Unix socket. 2. Run parameters: revenge@darklight$ ./...

0.7 AI score
Exploits: 0