go -- multiple vulnerabilities

The Go project reports: crypto/rand: rand.Read hangs with extremely large buffers On Windows, rand.Read will hang indefinitely if passed a buffer larger than 1 32 - 1 bytes. crypto/tls: session tickets lack random ticketageadd Session tickets generated by crypto/tls did not contain a randomly...

Hashicorp Nomad Access Control Issues

HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver...

The vulnerability of the exec() function in the ShellJS interpreter allows a malicious actor to gain unauthorized access to protected information, increase privileges, or cause service failures.

The vulnerability of the exec function in the ShellJS interpreter is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information, increase privileges, or cause service failures through specially created...

DEBIAN-CVE-2022-29162

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

AZL-9817 CVE-2022-29162 affecting package moby-runc for versions less than 1.1.2-2

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

Design/Logic Flaw

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

UBUNTU-CVE-2022-29162

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

CVE-2021-42897

A remote command execution RCE vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $POSTrname is directly passed into the $mysqlstr and is executed by exec...

CVE-2021-42897

A remote command execution RCE vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $POSTrname is directly passed into the $mysqlstr and is executed by exec...

Command injection

A remote command execution RCE vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $POSTrname is directly passed into the $mysqlstr and is executed by exec...

CVE-2021-42897

A remote command execution RCE vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $POSTrname is directly passed into the $mysqlstr and is executed by exec...

GHSA-7FH9-933G-885P Drupal Core Remote Code Execution Vulnerability

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations...

GHSA-WP3J-GV53-4PG8 fs-git command injection vulnerability

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

fs-git command injection vulnerability

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

Powershell Exec, Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager with UUID Support

Execute an x64 payload from a command via PowerShell. Spawn a piped command shell Windows x64 staged. Listen for an IPv6 connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/shell/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... m...

Powershell Exec, Find Tag Ordinal Stager

Execute an x86 payload from a command via PowerShell. Use an established connection Module Options msf use payload/cmd/windows/powershell/vncinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...

Powershell Exec, Windows Meterpreter Shell, Reverse TCP Inline (IPv6)

Execute an x86 payload from a command via PowerShell. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/powershell/meterpreterreverseipv6tcp msf payloadmeterpreterreverseipv6tcp show actions ...actions... msf...

Powershell Exec, Bind TCP Stager (Windows x86)

Execute an x86 payload from a command via PowerShell. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/powershell/vncinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...

Powershell Exec, Reverse HTTP Stager Proxy

Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP Module Options msf use payload/cmd/windows/powershell/vncinject/reversehttpproxypstore msf payloadreversehttpproxypstore show actions ...actions... msf payloadreversehttpproxypstore set ACTION msf...

Powershell Exec, Find Tag Ordinal Stager

Execute an x86 payload from a command via PowerShell. Use an established connection Module Options msf use payload/cmd/windows/powershell/meterpreter/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...