Veritas Backup Exec 安全漏洞

Veritas Technologies Veritas Backup Exec is a powerful suite of data backup and recovery tools from Veritas Technologies. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies installation and improves manageability...

Veritas Backup Exec 安全漏洞

Veritas Technologies Veritas Backup Exec is a powerful suite of data backup and recovery tools from Veritas Technologies. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies installation and improves manageability...

PT-2021-7746

Name of the Vulnerable Software and Affected Versions Veritas Backup Exec versions prior to 21.2 Description A flaw exists in Veritas Backup Exec related to weaknesses in the authentication process when using the SHA cryptographic algorithm. This allows a remote attacker to gain unauthorized acce...

CVE-2019-25022

An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime.exec without validation...

Command Injection

theme-core is vulnerable to command injection. An attacker may inject malicious command via the lib/utils.js. The vulnerability exists due to the insecure usage of the exec function with unsanitized values...

Arbitrary Command Injection

Overview onion-oled-js is a JS library that exposes a collection of functions that wrap the oled-exp executable that controls the onion omega OLED display. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the scroll...

Arbitrary Command Injection

Overview portkiller is a port killer. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input...

Arbitrary Command Injection

Overview killport is an a nodejs module to kill any processes base on its port Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

Arbitrary Command Injection

Overview kill-process-by-name is a Kills all processes by a certain program Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

Arbitrary Command Injection

Overview killing is a Kill Process Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input...

Arbitrary Command Injection

Overview kill-by-port is a kills process by port Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

Arbitrary Command Injection

Overview ps-kill is a Kill processes with ease Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exe...

Arbitrary Command Injection

Overview roar-pidusage is a Cross-platform process cpu % and memory usage of a PID — Edit Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible f...

container-tools:2.0 bug fix update

An update is available for fuse-overlayfs, container-selinux, udica, toolbox, conmon, skopeo, python-podman-api, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...

Node.JS - 'node-serialize' Remote Code Execution (2)

Exploit Title: Node.JS - 'node-serialize' Remote Code Execution 2 Exploit Author: UndeadLarva Software Link: https://www.npmjs.com/package/node-serialize Version: 0.0.4 CVE: CVE-2017-5941 import requests import re import base64 import sys url = 'http://192.168.100.133:8000/' change this payload =...

Visual Studio Code Remote Code Execution Vulnerability

...

Insecure Access Controls

HashiCorp Nomad and Nomad Enterprise uses insecure access controls. Exec and Java task drivers are able to access processes associated with other tasks on the same node...

Remote Code Execution (RCE)

launchpad is vulnerable to remote code execution RCE. The vulnerability exists through execcommand in the stop function...

CVE-2021-3283

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3...

UBUNTU-CVE-2021-3283

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3...