3296 matches found
CVE-2020-15889
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members...
CVE-2020-15889
CVE-2020-15889 concerns Lua 5.4.0 with a getobjname heap-based buffer over-read caused by lgc.c markold handling insufficient list members. Affects Lua 5.4.0; upstream fix is to upgrade to 5.4.1 (per Arch Linux ASA-202010-5 and related advisories). Impact is described as remote code execution in ...
PT-2020-14689 · Lua · Lua
Name of the Vulnerable Software and Affected Versions: Lua versions prior to 5.4.0 Description: The issue is related to how Lua handles the interaction between stack resizes and garbage collection, leading to potential heap-based buffer overflow, heap-based buffer over-read, or use-after-free...
PT-2020-14690 · Lua · Lua
Name of the Vulnerable Software and Affected Versions: Lua version 5.4.0 Description: The issue is related to a heap-based buffer over-read in the getobjname function. This occurs because youngcollection in lgc.c uses markold for an insufficient number of list members. Recommendations: For Lua...
Wing FTP Server 6.3.8 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Wing FTP Server 6.3.8 - Remote Code Execution Authenticated Exploit Author: v1n1v131r4 Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download.htm Version: 6.3.8 Tested on: Windows 10 CVE : -- Wing FTP Server have a web console based on Lua...
Wing FTP Server 6.3.8 Remote Code Execution
Exploit Title: Wing FTP Server 6.3.8 - Remote Code Execution Authenticated Date: 2020-06-26 Exploit Author: v1n1v131r4 Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download.htm Version: 6.3.8 Tested on: Windows 10 CVE : -- Wing FTP Server have a web conso...
Wing FTP Server 6.3.8 - Remote Code Execution (Authenticated)
Exploit Title: Wing FTP Server 6.3.8 - Remote Code Execution Authenticated Date: 2020-06-26 Exploit Author: v1n1v131r4 Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download.htm Version: 6.3.8 Tested on: Windows 10 CVE : -- Wing FTP Server have a web conso...
Acronis: Local File Disclosure /Delete On [us-az-vpn.acronis.com]
Cisco ASA VPN server hosted on https://us-az-vpn.acronis.com was found to be using an outdated version that suffers from a Local File Disclosure /Delete vulnerability. Through this vulnerability an unauthenticated remote attacker can read and delete the contents of any file stored on the VPN serv...
The vulnerability of the lua_upvaluejoin function (lapi.c) in Lua script interpreters allows a hacker to cause a service failure.
The vulnerability of the lua_upvaluejoin function (lapi.c) in Lua script interpreters is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
FreedroidRPG Input Validation Error Vulnerability
FreedroidRPG is an open source role-playing game from the Freedroid team. A security vulnerability exists in the savestruct_internal.c file in FreedroidRPG version 1.0rc2, which originates from a saved game file being a Lua script file. The vulnerability stems from the fact that the saved game fil...
CVE-2020-14939
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading...
CVE-2020-14939
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading...
Code injection
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading...
CVE-2020-14939
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading...
UBUNTU-CVE-2020-14939
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading...
CVE-2020-14939
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading...
CVE-2020-14939
FreedroidRPG 1.0rc2 is affected by CVE-2020-14939 due to a flaw in savestruct_internal.c: saved game files are Lua scripts that recover a game’s state, allowing an attacker to inject arbitrary Lua code during loading. This can lead to arbitrary code execution on load. The vulnerability is locally...
CVE-2020-14939
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading...
PT-2020-14076 · Freedroidrpg +1 · Freedroidrpg +1
Name of the Vulnerable Software and Affected Versions: FreedroidRPG version 1.0rc2 Description: An issue was discovered in savestruct_internal.c where saved game files, composed of Lua scripts, can be modified to include arbitrary Lua code. This leads to arbitrary code execution during game...
CVE-2020-14147
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large...