20 matches found
CVE-2026-25905 Lack of isolation in mcp-run-python leads to MCP server takeover
The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing...
PT-2026-7090
Name of the Vulnerable Software and Affected Versions MCP affected versions not specified Description The Python code executed by the 'runPython' or 'runPythonAsync' functions lacks isolation from other JavaScript code. This allows Python code to utilize Pyodide APIs to alter the JavaScript...
CVE-2023-4699
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series,...
EUVD-2013-0941
Malware in sbrugna...
Mitsubishi Electric MELSEC-Q Series 安全漏洞
The Mitsubishi Electric MELSEC-Q Series is a family of programmable logic controllers from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric MELSEC-Q Series that arises from improper handling of the length parameter, which could result in an integer overflow th...
ASUS AiCloud 安全漏洞
ASUS AiCloud is a router control program from Asus China. A security vulnerability exists in ASUS AiCloud that stems from the presence of incorrect input insertion, which could lead to arbitrary command execution...
ASUS AiCloud 安全漏洞
ASUS AiCloud is a router control program from Asus China. A security vulnerability exists in ASUS AiCloud. An attacker could execute arbitrary commands by exploiting the vulnerability...
Network Time Protocol ntpq decodearr Stack-based Buffer Overflow (CVE-2018-7183)
A buffer overflow vulnerability has been discovered in the monitoring and control program ntpq of Network Time Protocol daemon. A successful attack would result in arbitrary code execution in the security context of the user...
CVE-2018-19093
An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClientsetCommandTerminationHandler in client/clientcontrol.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the clientexamplecontrol program...
CVE-2018-19093
An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClientsetCommandTerminationHandler in client/clientcontrol.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the clientexamplecontrol program...
CVE-2018-8872
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory...
Design/Logic Flaw
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory...
EMC AlphaStor buffer overflow
Buffer overflow on commands parsing in AlphaStor Library Control Program...
Buffer overflow
Buffer overflow in Drive Control Program DCP in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name...
Linux Kernel 2.6.x /proc Rootkit Backdoor (Unix/Darbe-A)
Linux Kernel 2.6.x /proc rootkitUnix/Darbe-A Date: ===== 2012-11-21 Introduction: ============= Unix/Darbe-A is a new kernel rootkit based /proc file system., modification is made in order to support kernel 2.6.x Detected ========...
[SECURITY] Fedora 12 Update: hamlib-1.2.10-2.fc12
Hamlib provides a standardised programming interface that applications can use to send the appropriate commands to a radio. Also included in the package is a simple radio control program 'rigctl', which lets one control a radio transceiver or receiver, either from command line interface or in a...
GoodTech Telnet Server <= 5.0.6 Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'GoodTech...
Novell NetMail <= 3.52d IMAP SUBSCRIBE Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Novell NetMa...
Symbian S60多媒体处理内存破坏漏洞
BUGTRAQ ID: 35590 Symbian S60是诺基亚智能手机所使用的操作系统。 S60操作系统的RealPlayer和彩信查看器所使用的多媒体处理代码中存在多个内存破坏漏洞,远程攻击者可以通过发送嵌入了视频文件的彩信来触发这些漏洞,导致控制程序计数器寄存器,在目标手机上执行任意代码。 以下函数库中存在这个漏洞: rarender.dll STH264HWDecHwDevice.dll clntcore.dll HxMmfCtrl.dll mdfh264payloadformat.dll MMFDevSound.dll ArmRV89Codec.dll Nokia Symbi...
Novell NetMail IMAP STATUS Buffer Overflow
This module exploits a stack buffer overflow in Novell's NetMail 3.52 IMAP STATUS verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution. This module requires Metasploit: https://metasploit.com/download Current source:...