CVE-2020-7627
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...
Command injection
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...
Command Injection
Overview node-key-sender is a module that sends keyboard events to the operating system. Affected versions of this package are vulnerable to Command Injection. The argument arrParams in function execute can be controlled by users without any sanitization. PoC var root = require("node-key-sender");...
Command Injection
Overview serial-number is a simple Node.js module for accessing the serial number a.k.a. Dell Service Tag, asset tag of the local machine. Affected versions of this package are vulnerable to Command Injection. The cmdPrefix argument in serialNumber function is used by the exec function without an...
Memory Leak Vulnerability
pim-community-dev is vulnerable to memory leaks. The execute function in CalculateCompletenessCommand.php does not detach objects, leading to memory leaks resulting in an application crash...
CVE-2019-13597
s/sprm/s/dyn/PlayersetScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the execute function...
Tyto Software Sahi Pro Remote Command Execution Vulnerability
Tyto Software Sahi Pro is a suite of automated testing tools from Tyto Software India. A remote command execution vulnerability exists in s/sprm/s/dyn/PlayersetScriptFile in Tyto Software Sahi Pro version 8.0.0. The vulnerability can be exploited by an attacker to execute commands with the help o...
ZenPhoto 1.4.8 - Multiple Vulnerabilities
Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto http://www.zenphoto.org/ Affected Version: 1.4.8 probably also prior versions Patched Version: 1.4.9 Risk: Medium Vendor Contacted: 2015-05-18 Vendor Fix: 2015-07-09 Public Disclosure: 2015-07-10 SQL Injection...
ZenPhoto 1.4.8 - Multiple Vulnerabilities
ZenPhoto 1.4.8 - Multiple Vulnerabilities Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto http://www.zenphoto.org/ Affected Version: 1.4.8 probably also prior versions Patched Version: 1.4.9 Risk: Medium Vendor Contacted: 2015-05-18 Vendor Fix: 2015-07-09...
ZenPhoto 1.4.8 - Multiple Vulnerabilities
ZenPhoto version 1.4.8 suffers from cross site scripting, remote SQL injection, and path traversal vulnerabilities. Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto http://www.zenphoto.org/ Affected Version: 1.4.8 probably also prior versions Patched Version...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : vim vulnerabilities (USN-712-1)
Jan Minar discovered that Vim did not properly sanitize inputs before invoking the execute or system functions inside Vim scripts. If a user were tricked into running Vim scripts with a specially crafted input, an attacker could execute arbitrary code with the privileges of the user invoking the...
Debian Security Advisory DSA 1733-1 (vim)
The remote host is missing an update to vim announced via advisory DSA 1733-1. OpenVAS Vulnerability Test $Id: deb17331.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1733-1 vim Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
Debian DSA-1733-1 : vim - several vulnerabilities
Several vulnerabilities have been found in vim, an enhanced vi editor. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-2712 Jan Minar discovered that vim did not properly sanitise inputs before invoking the execute or system functions inside vim...
vim: command execution via scripts not sanitizing inputs to execute and system
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the...
CVE-2008-2712
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the...
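IE ADODB.Connection Object Execute Function Memory Corruption Vulnerability
Internet Explorer is a very popular web browser released by Microsoft. The Execute function of the ADODB.Connection ActiveX object in IE has a memory corruption vulnerability that allows a remote attacker to crash the browser or execute arbitrary code by tricking a user into visiting a malicious web page or HTML document. Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Disable the ADODB.Connection ActiveX control in Internet Explorer. Set the kill bit for the following CLSID:...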
Microsoft Internet Explorer - ADODB Execute Denial of Service (PoC)
Microsoft Internet Explorer - ADODB Execute Denial of Service PoC ADODB.Connection.Execute CRASH TEST function BangBang var a = new ActiveXObject'ADODB.Connection.2.7'; var b = 'FUCK'; while b.length WOW!!! Are U live? milw0rm.com 2006-10-24...
CVE-2006-3762
The CVE-2006-3762 entry concerns the Touch Control ActiveX control 2.0.0.55. A remote attacker can read, and possibly execute, arbitrary files by supplying a file:/// URI in the sPath parameter to the Execute function. This indicates a failure in input handling for file paths within the ActiveX c...