31 matches found
Moodle 安全漏洞
Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an Access Control Error vulnerability that stems from insufficient access control over the inclusion of an...
Command injection
Vulnerability in rand-quote and hitokoto plugins Description: the rand-quote and hitokoto fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...
CVE-2021-3727
CVE-2021-3727 concerns the ohmyzsh rand-quote and hitokoto plugins. The description states that quotes fetched from external APIs (quotationspage.com and hitokoto.cn) could, if containing certain symbols, trigger a command injection when processed and printed via print -P. The root cause is not d...
CVE-2021-3727 OS Command Injection in ohmyzsh/ohmyzsh
Vulnerability in rand-quote and hitokoto plugins Description: the rand-quote and hitokoto fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...
Boost Note 注入漏洞
Boost Note is an open source developer-friendly workspace with IDE-like UX. it provides the following features focusing on information management and searchability. A security vulnerability exists in Boost Note versions prior to 0.22.0 that stems from a lack of effective filtering and validation ...
GetSimple CMS 3.3.4 XML External Entity Injection Vulnerability
GetSimple CMS versions 3.1.1 through 3.3.4 suffer from an XML external entity injection vulnerability. ------------------------------------------------------------------ GetSimple CMS adddata$in; User input passed via the "data" POST parameter is not properly sanitized before being used in a call...
GetSimple CMS 3.3.4 XML External Entity Injection
------------------------------------------------------------------ GetSimple CMS adddata$in; User input passed via the "data" POST parameter is not properly sanitized before being used in a call to the "simplexmlloadstring" function at line 23. This can be exploited to carry out XML External Enti...
Sony Network Camera SNC-P5 1.0 - ActiveX viewer Heap Overflow PoC
No description provided by source. !-- Sony Network Camera SNC-P5 v1.0 ActiveX viewer Heap Overflow PoC Camera info http://bssc.sel.sony.com/BroadcastandBusiness/DisplayModel?id=79540 SNC-P5 External API documentation...
Sony Network Camera SNC-P5 v1.0 ActiveX viewer Heap Overflow PoC
No description provided by source. !-- Sony Network Camera SNC-P5 v1.0 ActiveX viewer Heap Overflow PoC Camera info http://bssc.sel.sony.com/BroadcastandBusiness/DisplayModel?id=79540 SNC-P5 External API documentation...
sony-heap.txt
Sub tryMe buff = String15000, "A" viewer.PrmSetNetworkParam buff, 1 End Sub...
Sony Network Camera SNC-P5 1.0 - ActiveX viewer Heap Overflow (PoC)
Sub tryMe buff = String15000, "A" viewer.PrmSetNetworkParam buff, 1 End Sub milw0rm.com 2007-06-27...