Exploit for Out-of-bounds Write in Solarwinds Serv-U

Serv-U CVE-2021-35211 Exploit Potential for DoS - check yo...

Information Disclosure

shelljs is vulnerable to information disclosure. The vulnerability exists in ShellJS exec function of exec.js because the file permissions have not been locked down which allows an attacker to gain access to sensitive information of file system of the running scripts and crash application...

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

PYSEC-2022-10

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method...

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

PYSEC-2022-10

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method...

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

Exploit for OS Command Injection in Docker

CVE-2019-5736 is a container escape vulnerability in Docker. The PoC Proof of Concept exploit for this vulnerability is available in the repository sekla/CVE-2019-5736-PoC. The exploit works by overwriting and executing the host system's runc binary from within the container. The exploit has two...

golang: syscall: don't close fd 0 on ForkExec error

There's a flaw in golang's syscall.ForkExec interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked...

GHSA-792J-9WJ3-J634 Command injection in github-todos

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...

Command injection in github-todos

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...

Google Golang 资源管理错误漏洞

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

CVE-2021-44684

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...

CVE-2021-44684

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...

Command injection

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...

Github-Todos 操作系统命令注入漏洞

Github-Todos is used to convert Todo to Github issues by the French individual developer Nicolas Chambrier. A security vulnerability exists in naholyr github-todos 3.1.0, which stems from the range parameter of the hook subcommand being concatenated without any validation and used directly by the...

CVE-2021-44684

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...