19 matches found
Espanso 2.3.0 Configuration Security Auditor
This Python script implements a security auditing tool for Espanso configuration files. The EspansoSecurityAuditor class scans Espanso match configurations for potentially dangerous shell commands, insecure permissions, and suspicious execution patterns that could indicate malicious automation or...
AI-Code-Vulnerability-Scanner
AI-Code-Vulnerability-Scanner The AI Code Vulnerability Scanne...
EUVD-2026-23400
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...
CVE-2026-30310
In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...
zeptoclaw has Android device shell blocklist bypass via argument permutation
Summary zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with argements in the pattern literal, such as rm -f and rm -rf, this can be simply bypassed by using different orders for these arguments, such ...
GHSA-HHJV-JQ77-CMVX zeptoclaw has Android device shell blocklist bypass via argument permutation
Summary zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with argements in the pattern literal, such as rm -f and rm -rf, this can be simply bypassed by using different orders for these arguments, such ...
EUVD-1999-0080
Malware in sbrugna...
CVE-2024-35222
Tauri is a framework for building binaries for all major desktop platforms. Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the dangerousRemoteDomainIpcAccess in v1 and in the capabilities in v2. Valid commands with potentially...
Malicious code in keycloak-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3df989aa26dccceca3917c9b3454427df4f54e9c104fbc080e913d30af3e66b2 The OpenSSF Package Analysis project identified 'keycloak-server' @ 0.0.2 npm as malicious. It is considered malicious because: - The package...
Splunk Cloud Platform和Splunk Enterprise 安全漏洞
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines and cloud. A securit...
CVE-2023-28110
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...
CVE-2023-28110 JumpServer Koko vulnerable to Command Injection for Kubernetes Connection
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...
CVE-2021-35064
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg...
CVE-2021-35064
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg...
CVE-2021-35064
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
PT-2021-20822
Name of the Vulnerable Software and Affected Versions KramerAV VIAWare affected versions not specified Description The software allows for privilege escalation due to improper sudo configuration. The sudoers file permits the execution of multiple dangerous commands, including unzip, systemctl, an...
CVE-2017-6712
A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing th...
CVE-1999-0080
Certain configurations of wu-ftp FTP server 2.4 use a PATHEXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command...
CVE-1999-0080
Certain configurations of wu-ftp FTP server 2.4 use a PATHEXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command...