Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

CVE-2021-4430

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address th...

Design/Logic Flaw

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address th...

CVE-2021-4430 Ortus Solutions ColdBox Elixir ENV Variable defaultConfig.js information disclosure

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address th...

Admin account TakeOver

Description The endpoint api/system/update-env allows any authenticated users to change env variables of the back-end process : js process.envenvKey = value; The envKey value comes from here : js const envKey, checks = KEYMAPPINGkey; One of the value in the KEYMAPPING dictionnary is : js JWTSecre...

CVE-2022-46179 LiuOS vulnerable to Authorization Bypass through User-Controlled Key

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUBACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...

CVE-2022-0563

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from t...

CVE-2021-43780

Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery SSRF. These vulnerabilities are only exploitable on installations where a...

Security update for golang-github-prometheus-prometheus (moderate)

openSUSE Security Update: Security update for golang-github-prometheus-prometheus Announcement ID: openSUSE-SU-2021:2664-1 Rating: moderate References: 1186242 SLE-18254 Cross-References: CVE-2021-29622 CVSS scores: CVE-2021-29622 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected...

CVE-2017-17527

delphigui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code...

Exim < 4.86.2 - Local Privilege Escalation

============================================= - Advisory release date: 10.03.2016 - Created by: Dawid Golunski - Severity: High/Critical ============================================= I. VULNERABILITY ------------------------- Exim 4.86.2 Local Root Privilege Escalation Exploit II. BACKGROUND...

POP Peeper 3.7 - Local Overflow (SEH)

POP Peeper 3.7 - Local Overflow SEH !/usr/bin/ruby Title: POP Peeper 3.7 SEH Exploit Tested on: Windows XP SP2 EN Target: POP Peeper 3.7.0.0 Download Link: http://www.poppeeper.com/download.php Author: Anastasios Monachos secuid0 - anastasiosmatgmaildotcom Greetz: offsec team, inj3ct0r team appda...

CVE-1999-1120

The vulnerability CVE-1999-1120 affects SGI IRIX 6.4 and earlier where netprint trusts the PATH environment variable to locate and execute the disable program. This trust allows local users to gain privileges. Documented impact indicates local privilege escalation; exploitation details are not pr...