109 matches found
CVE-2022-29078
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...
UBUNTU-CVE-2022-29078
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...
Github ejs code injection vulnerability
Github ejs is an embedded JavaScript template. A code injection vulnerability exists in ejs version 3.1.6, which stems from server-side template injection being possible in settings[view options][outputFunctionName]. This is parsed as an internal option and the outputFunctionName option is overridden...
PT-2022-3563
Name of the Vulnerable Software and Affected Versions: ejs versions 3.1.6. Description: The issue is related to the ejs package for Node.js, which allows server-side template injection in settings[view options][outputFunctionName]. This can be parsed as an internal option and overwrites the...
PYSEC-2021-101
The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...
PHP Code Injection by malicious function name in smarty
Template authors could inject PHP code by choosing a malicious function name. Sites that cannot fully trust template authors should update as soon as possible. Please upgrade to 3.1.39 or higher...
DEBIAN-CVE-2021-26120
Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring...
UBUNTU-CVE-2021-26120
Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring...
CVE-2021-26120
Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring...
CVE-2020-27051
In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Andro...
UPDATE: Empire 3.1.0
Empire 3.1.0 was released a few hours ago! If you remember, I briefly mentioned this tool in my five month old post titled – List of Open Source C2 Post-Exploitation Frameworks. It’s a very good thing that BC-Security has taken over the development of the tool and has made some awesome...
Command Injection
Overview: aws-lambda is a command line tool to deploy code to AWS Lambda. Affected versions of this package are vulnerable to Command Injection. The config.FunctioName is used to construct the argument used within the exec function without any sanitization. It is possible for a user to inject arbitra...
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...
Regular Expression Denial Of Service (ReDoS)
jasmine-core is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The regular expression ^\sfunction\s\w\s\ is used to obtain the function name from the JS toString output of a function, which can result in a matching time of approximately 10 seconds for data that is 64K...
Vulnerability in the audio driver of the MSM mobile application for the Android operating system that allows an attacker to trigger a heap buffer overflow
The vulnerability of the Android mobile application’s audio driver relates to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to trigger a numerical overflow, followed by an overflow of the dynamic memory buffer. This occurs if the function name is too long...
Design/Logic Flaw
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash...
UBUNTU-CVE-2017-7224
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash...
DEBIAN-CVE-2017-7224
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash...
CVE-2017-7224
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash...