CVE-2019-20807
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua)...
UBUNTU-CVE-2019-20807
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua)...
CVE-2019-20807
CVE-2019-20807 affects Vim prior to 8.1.0881, where a user can bypass the rvim restricted mode and run arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, Lua). Affected product: Vim (Unix/Linux environments). Root cause: restricted-mode bypass enabling execution of external comma...
Cisco Firepower Management Center RCE (cisco-sa-20191112-asa-ftd-lua-rce)
According to its self-reported VDB version, Cisco Firepower Management Center is affected by a remote code execution vulnerability. An attacker with valid administrative credentials can configure an Advanced Detector on the FMC web interface and submit a malicious Lua script which, when pushed to...
lua-users.org Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1159101. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Updated crawl packages fix security vulnerability
crawl 0.24.0 and earlier are subject to possible remote code evaluation with lua loadstring (CVE-2020-11722). This update fixes it, also updating crawl from version 0.23.2 to 0.24.1, with the following main gameplay changes: Vampire species simplifi...
openSUSE Security Update : crawl (openSUSE-2020-549)
This update for crawl fixes the following issues: CVE-2020-11722: Fixed a remote code evaluation issue with lua loadstring (boo#1169381). Update to version 0.24.0: Vampire species simplified; Thrown weapons streamlined; Fedhas reimagined; Sif Muna reworked. Update to version 0.23.2: Trap syste...
openSUSE: Security Advisory for crawl (openSUSE-SU-2020:0549-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-11966
In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
Design/Logic Flaw
In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
CVE-2020-11966
IQrouter vulnerable through version 3.3.1: the web-panel Lua function reset_password can be invoked remotely to arbitrarily change the root password. Affected: IQrouter firmware up to 3.3.1 (brand-new/unconfigured networks discussed in sources). Underlying issue: reset_password function exposes p...
CVE-2020-11964
IQrouter up to version 3.3.1 is affected by CVE-2020-11964 due to a vulnerability in the web-panel Lua function diag_set_password, which remote attackers can abuse to change the root password arbitrarily. Affected product: IQrouter firmware
PT-2020-12957 · Linux +2
Name of the Vulnerable Software and Affected Versions: IQrouter versions 3.3.1 and earlier. Description: The issue allows remote attackers to change the root password arbitrarily using the Lua function reset_password in the web-panel. This can occur on a brand-new network that has not been...
EulerOS Virtualization 3.0.2.2 : lua (EulerOS-SA-2020-1477)
According to the version of the lua package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a...
Huawei EulerOS: Security Advisory for lua (EulerOS-SA-2020-1477)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenResty Environment Issues Vulnerabilities
OpenResty is a web application server based on Nginx and Lua, developed by the Chinese company OpenResty. An environment issue vulnerability exists in the ngx_http_lua_subrequest.c file in OpenResty versions prior to 1.15.8.4. The vulnerability stems from an unreasonable environmental...
Dungeon Crawl Stone Soup Code Issue Vulnerability
Dungeon Crawl Stone Soup is a single-player video game. A security vulnerability exists in Dungeon Crawl Stone Soup versions prior to 0.25. The vulnerability can be exploited by a remote attacker to execute arbitrary code via a .crawlrc file with Lua bytecode...
UBUNTU-CVE-2020-11724
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API...
CVE-2020-11722
Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file...