CVE-2025-8956

A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-8956

A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

CVE-2024-7440

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file uploadfile.cgi. The manipulation of the argument QUERYSTRING leads to command injection. It is possible to initiate the attack remotel...

PT-2024-38353 · Vivotek · Vivotek Ib8367A

Name of the Vulnerable Software and Affected Versions: Vivotek IB8367A VVTK-0100b affected versions not specified Description: A critical vulnerability has been found in the function getenv of the file upload file.cgi. The manipulation of the argument QUERY STRING leads to command injection. It i...

PT-2024-38352 · Vivotek · Vivotek Sd9364

Name of the Vulnerable Software and Affected Versions: Vivotek SD9364 VVTK-0103f affected versions not specified Description: A critical issue affects the function getenv of the file upload file.cgi. The manipulation of the argument QUERY STRING leads to command injection. The attack may be...

PT-2024-38350 · Vivotek · Vivotek Cc8160

Name of the Vulnerable Software and Affected Versions: Vivotek CC8160 VVTK-0100d affected versions not specified Description: A critical vulnerability affects the function getenv of the file upload file.cgi. The manipulation of the argument QUERY STRING leads to command injection. It is possible ...

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a PoC Proof of Concept exploit for the CVE-2021-3156 vulnerability in the sudo package. The vulnerability is a heap-based buffer overflow that can be exploited to gain elevated privileges. The exploit is written in C and uses a brute-force approach to identify the correct offset and...

CVE-2013-5653

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file...

CVE-2013-5653

CVE-2013-5653 affects Ghostscript and stems from the getenv and filenameforall functions not honoring -dSAFER, enabling an attacker to read environment variables or list directories via a crafted PostScript document. The issue is documented across multiple sources (e.g., NVD description and IBM P...

CVE-2013-5653

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file...

CVE-2005-3346

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LDPRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...

CVE-2005-3346

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LDPRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...