GO-2024-2998 Woodpecker's custom environment variables allow to alter execution flow of plugins in go.woodpecker-ci.org/woodpecker

Woodpecker's custom environment variables allow to alter execution flow of plugins in go.woodpecker-ci.org/woodpecker...

GHSA-3WF2-2PQ4-4RVC Woodpecker's custom environment variables allow to alter execution flow of plugins

Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...

CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...

CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...

[SECURITY] Fedora 37 Update: bottles-51.6-1.fc37

Easily manage Wine prefix in a new way! Run Windows software and games on Linux. Features: Create bottles based on environments a set of rule and dependencies for better software compatibility Access to a customizable environment for all your experiments Run every executable .exe/.msi in your...

PHP safe_mode bypass via proc_open() and custom environment

No description provided by source. ----------------------------------------------------------------------- + safe-bypass-procopen.txt - yet another way to bypass PHP safemode. + + By Milen Rangelov [email protected] + ----------------------------------------------------------------------- This...

PHP - Safe_mode Bypass via proc_open() and custom Environment

PHP - Safemode Bypass via procopen and custom Environment ----------------------------------------------------------------------- + safe-bypass-procopen.txt - yet another way to bypass PHP safemode. + + By Milen Rangelov + ----------------------------------------------------------------------- Th...

PHP safe_mode bypass via proc_open() and custom environment

Exploit for linux platform in category local exploits =========================================================== PHP safemode bypass via procopen and custom environment ===========================================================...

PHP safe_mode can be bypassed via proc_open() and custom environment.

This should work provided that you have met the following requirements: 1 A writable directory under documentroot to place those files obviously 2 You don't have procopen in your disabledfunctions list 3 You are able to compile a shared library on the same platform as the target web server. Here ...

PHP - 'Safe_mode' Bypass via 'proc_open()' and custom Environment

----------------------------------------------------------------------- + safe-bypass-procopen.txt - yet another way to bypass PHP safemode. + + By Milen Rangelov + ----------------------------------------------------------------------- This should work provided that you have met the following...