23 matches found

CNNVD
added 2026/04/28 12:00 a.m., 7 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained a security vulnerability. This vulnerability stemmed from storing the Nostr privateKey in plain text within the configuration files. It was exploited through a call...

CVSS 7.1 | AI score 5.8 | EPSS 0.00207
Exploits: 0 | References: 1
Snyk
added 2026/03/02 10:40 p.m., 2 views

Symlink Attack

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Symlink Attack via the agents.files.get and agents.files.set methods. An attacker can access or modify files outside the intended workspace by exploiting symlink traversal, potentially...

CVSS 9.3 | AI score 6 | EPSS 0.00639
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/16 12:00 a.m., 4 views

MiracleLinux 7 : golang-1.9.4-1.el7 (AXSA:2018-2885:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2885:01 advisory. golang: arbitrary code execution during go get or go get -d (CVE-2017-15041); golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesti...

CVSS 9.8 | AI score 8.2 | EPSS 0.08944
Exploits: 4 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2005-1669

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.03342
Exploits: 1 | References: 6
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-16090

Malware in sbrugna...

CVSS 8.1 | AI score 8 | EPSS 0.01024
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-3938

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.00963
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/21 7:14 p.m., 10 views

CVE-2000-1223

quikstore.cgi in Quikstore Shopping Cart allows remote attackers to execute arbitrary commands via shell metacharacters in the URL portion of an HTTP GET request...

CVSS 7.5 | AI score 8.1 | EPSS 0.02027
Exploits: 0 | References: 1
Veracode
added 2025/01/21 4:55 a.m., 11 views

Cross-Site Request Forgery (CSRF)

typo3/cms-belog is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the backend user interface functionality involving deep links, which allows state-changing actions via HTTP GET without enforcing the appropriate HTTP method and allows an attacker to exploit the “Log...

CVSS 4.3 | AI score 6.8 | EPSS 0.00235
Exploits: 0 | References: 7 | Affected Software: 1
vulnersOsv
added 2022/01/28 10:54 p.m., 2 views

3drudder-js (>=1.0.0 <=2.0.7), @131/fuse-bindings (>=2.11.0 <=2.11.1) +833 more potentially affected by CVE-2022-0355 via simple-get (>=1.4.3 <=2.7.1)

simple-get NPM version =1.4.3, =1.0.0, =2.11.0, =1.16.0, =1.0.2, =1.0.0, =1.0.0, =1.0.8, =1.0.0, =1.6.0, =0.2.1, =0.2.75, =0.3.4 and more Source cves: CVE-2022-0355 Source advisory: OSV:GHSA-WPG7-2C88-R8XV...

CVSS 8.8 | AI score 7.1 | EPSS 0.02024
Exploits: 1
BDU FSTEC
added 2021/03/03 12:00 a.m., 3 views

The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary code.

The vulnerability of the “go get” command in the Go programming language is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.6 | AI score 7.7 | EPSS 0.06445
Exploits: 0 | References: 6 | Affected Software: 2
BDU FSTEC
added 2020/04/29 12:00 a.m., 5 views

The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary code.

The vulnerability of the “go get” command in the Go programming language is related to insufficient validation of input data (insufficient checking of the import path when using the “-u” flag). Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially create...

CVSS 9.3 | AI score 7.4 | EPSS 0.66252
Exploits: 0 | References: 10 | Affected Software: 2
BDU FSTEC
added 2019/03/06 12:00 a.m., 5 views

The vulnerability of the “go get” implementation in the Go programming package allows a perpetrator to execute the “go get” command remotely.

The vulnerability of the “go get” command in the Golang programming language is related to the absence of blocking of arguments -fplugin= and -plugin= during the compilation of source code using GCC or Clang plugin functions. Exploiting this vulnerability allows a remote attacker to execute the “...

CVSS 9.8 | AI score 7 | EPSS 0.07705
Exploits: 4 | References: 6 | Affected Software: 4
Debian
added 2019/02/01 2:39 p.m., 200 views

[SECURITY] [DSA 4380-1] golang-1.8 security update

Debian Security Advisory DSA-4380-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2019 https://www.debian.org/security/faq ...

CVSS 9.3 | AI score 8.5 | EPSS 0.63229
Exploits: 5
Mageia
added 2018/05/16 8:24 a.m., 33 views

Updated golang packages fix security vulnerability

A flaw was found in Go. The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site...

CVSS 9.3 | AI score 7 | EPSS 0.63229
Exploits: 1 | References: 2
CNVD
added 2016/12/06 12:00 a.m., 1 view

DiskBoss Enterprise 'GET' Buffer Overflow Vulnerability

DiskBoss is a disk management tool. A buffer overflow vulnerability exists in DiskBoss Enterprise version 7.4.28, which can be exploited by an attacker to execute arbitrary code in the context of an affected application, possibly also resulting in a denial of service...

AI score 8
Exploits: 0 | References: 1
securityvulns
added 2014/10/05 12:00 a.m., 93 views

Ultra Electronics / AEP Networks - SSL VPN (Netilla / Series A / Ultra Protect) Vulnerabilities

Ultra Electronics / AEP Networks - SSL VPN Netilla / Series A / Ultra Protect Vulnerabilities http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities Release Date: 02-Oct-2014 Software: Ultra Electronics - Series A...

Exploits: 0
OSV
added 2014/09/30 2:55 p.m., 5 views

CVE-2014-6273

Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL...

AI score 7.6
Exploits: 0 | References: 7
Exploit DB
added 2008/01/20 12:00 a.m., 36 views

Mini File Host 1.2.1 - 'language' Local File Inclusion

!/usr/bin/perl Name: Mini File Host 1.2.1 "Security Fixed release" and earlier Vulnerability type: Local File Inclusion through POST requests pages/upload.php Authors: Scary-Boys: original GET-vulnerability, 2008-01-17 shinmai: POST-request vulnerability in latest version perl POC, 2008-01-19...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2004/08/20 12:00 a.m., 11 views

mIRC DCC Get Dialog File Spoofing Weakness

Binary data 1864.prm...

AI score 7.3
Exploits: 0
securityvulns
added 2003/07/30 12:00 a.m., 43 views

Cisco Security Advisory: HTTP GET Vulnerability in AP1x00

Cisco Security Advisory: HTTP GET Vulnerability in AP1x00 Revision 1.0 For Public Release 2003 July 28 16:00 UTC GMT Contents Summary Affected Products Details Impact Software...

CVSS 5 | EPSS 0.09041
Exploits: 0