81 matches found
EUVD-1999-0936
Malware in sbrugna...
EUVD-2018-11175
Malware in sbrugna...
EUVD-2023-27696
Malicious code in bioql PyPI...
EUVD-2022-52862
Malicious code in bioql PyPI...
CVE-1999-0955
Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command...
PT-2024-5139 · Tenda · Tenda Ax1806
Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1 Description: A critical issue was found in the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to a stack-based buffer overflow. It is possible to...
GHSA-HJQ6-52GW-2G7P yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
Summary The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in --exec, alo...
CVE-2024-2980
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14408. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The...
PT-2024-23000 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A critical issue was found in the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to a stack-based buffer overflow. This issue can be...
CVE-2024-2815
A vulnerability classified as critical has been found in Tenda AC15 15.03.20multi. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand of the component Cookie Handler. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to laun...
CVE-2024-2708
A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has be...
PT-2024-2398 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.20 multi Description: A critical vulnerability has been found in the Tenda AC15 router, affecting the R7WebsSecurityHandler function of the /goform/execCommand file in the Cookie Handler component. The manipulation of...
PT-2023-16376 · Yugabyte · Yugabytedb
Name of the Vulnerable Software and Affected Versions: Yugabyte DB versions prior to 2.2.0.0 Description: The issue is related to External Control of Critical State Data and Improper Control of Generation of Code, also known as 'Code Injection' vulnerability. This vulnerability affects YugaByte,...
AZL-79026 CVE-2022-41716 affecting package golang 1.25.7-1
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
Improper Neutralization of Null Byte or NUL Character
Overview std/syscall is a Go standard library package std/syscall Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character. Go Vulnerability Report: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...
CVE-2022-31309
A vulnerability in livecheck.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function...
CVE-2022-31845
A vulnerability in livecheck.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...
WAVLINK WN535 G3 security vulnerability
The WAVLINK WN535 G3 is a wireless router from the Chinese company WAVLINK. A security vulnerability exists in the WAVLINK WN535 G3 M35G3R.V5030.180927 version, which originates from a vulnerability in livecheck.shtml. An attacker can exploit this vulnerability to obtain sensitive router...
PT-2022-20680 · Wavlink · Wavlink Aerial X 1200M
Name of the Vulnerable Software and Affected Versions: WAVLINK AERIAL X 1200M version M79X3.V5030.191012 Description: A vulnerability in the live mfg.shtml file allows attackers to obtain sensitive router information via execution of the exec cmd function. Recommendations: For version...