GHSA-HJQ6-52GW-2G7P yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)

Summary The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in --exec, alo...

LlamaIndex 代码注入漏洞

LlamaIndex is a data framework for an LLM application by the individual developer Jerry Liu. A code injection vulnerability exists in LlamaIndex that stems from insufficient input validation of the safeeval function in executils, which allows injection at the prompt, leading to arbitrary code...

UBUNTU-CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

CVE-2024-28931

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...

CVE-2024-28930 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

...

CVE-2024-29066

CVE-2024-29066 is an Windows DFS Remote Code Execution vulnerability. Affected: Windows Distributed File System (DFS). CVSS 3.1 base 7.2 (NETWORK, HIGH impact across Confidentiality, Integrity, Availability). Requirements: HIGH privileges, no user interaction; scope UNCHANGED. Concrete root-cause...

CVE-2023-47540

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.0.5 through 3.0.7 allows attacker ...

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

...

CVE-2024-2980

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14408. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The...

PT-2024-23000 · Tenda · Tenda F1203

Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A critical issue was found in the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to a stack-based buffer overflow. This issue can be...

CVE-2024-2815

A vulnerability classified as critical has been found in Tenda AC15 15.03.20multi. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand of the component Cookie Handler. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to laun...

PT-2024-22790 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.128 Description: FreeScout is a self-hosted help desk and shared mailbox. The issue concerns OS Command Injection in the /public/tools.php source file. The value of the php path parameter is being executed as a...

CVE-2024-2708

A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has be...

Komm.One CMS Security Vulnerability

Komm.One CMS is a customer service management software from the German company Komm.One. A security vulnerability exists in Komm.One CMS version 10.4.2.14 that originates from a vulnerability that could allow a remote attacker to execute arbitrary code by specifying a URL for java.lang.Runtime in...

Financials By Coda Cross Site Scripting

Vulnerability type: Cross-site Scripting Vendor: https://www.unit4.com/ Product: Financials by Coda Product site: https://www.unit4.com/fr/products/financial-management-software Affected version: HTTP/2 Host: TIMELINE – 30/10/2023: Vulnerability found – 02/11/2023: Vendor informed – 05/12/2023:...

PT-2024-2398 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.20 multi Description: A critical vulnerability has been found in the Tenda AC15 router, affecting the R7WebsSecurityHandler function of the /goform/execCommand file in the Cookie Handler component. The manipulation of...

runc: file descriptor leak

A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...

Fedora: Security Advisory for apache-commons-exec (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: apache-commons-exec-1.3-31.fc40

Commons Exec is a library for dealing with external process execution and environment management in Java...

Deserialization of untrusted data

The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the orderid parameter. This makes it possible for authenticated attackers, with subscriber-level...