CVE-2020-28010

Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...

CVE-2020-28010

Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...

Privilege Escalation

exim4 is vulnerable to privilege escalation. The vulnerability exists due to a boundary error within the main function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges...

Exim 缓冲区错误漏洞

Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. A heap out-of-bounds write vulnerability exists in main in Exim. No detailed vulnerability details are provided at this time...

Prototype Pollution in asciitable.js

The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function. PoC js var a = require"asciitable.js"; var b = JSON.parse'"proto":"test":123'; a,b; console.log.test...

GHSA-5PXJ-MHWJ-X5GV Prototype Pollution in asciitable.js

The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function. PoC js var a = require"asciitable.js"; var b = JSON.parse'"proto":"test":123'; a,b; console.log.test...

CVE-2020-7771

The package asciitable.js before 1.0.3 are vulnerable to Prototype Pollution via the main function...

CVE-2020-7771

The package asciitable.js before 1.0.3 are vulnerable to Prototype Pollution via the main function...

Victornpb Asciitable.js Security Vulnerability

Victornpb Asciitable is a Javascript-based codebase for generating Ascii tables from two-digit tables of strings by the individual developer of Victornpb. A security vulnerability exists in asciitable.js before 1.0.3, which stems from the vulnerability to prototype contamination in the main...

Command Injection

corenlp-js-prefab is vulnerable to command injection. The vulnerability is possible via the main function...

Command Injection

corenlp-js-interface is vulnerable to command injection. The vulnerability is possible via the main function...

CVE-2020-28440 Command Injection

All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via main function in index.js. PoC var a = require"get-npm-package-version"; a"& touch JHU"; Remediation Upgrade get-npm-package-version to version 1.0.7 or higher. References - GitHub Commit - NPM Package - Vulnerable...

Noahdess Corenlp-js-interface Command Injection Vulnerability

Noahdess Corenlp-js-interface is a JS-written Npm codebase for interacting with Stanford CoreNLP by the Noahdess individual developer. Noahdess Corenlp-js-interface suffers from a command injection vulnerability that stems from the fact that both corenlp-js-interface are susceptible to command...

Prototype Pollution

deep-get-set is vulnerable to prototype pollution. The vulnerability exists as the main function does not restrict proto, constructor and prototype headers to be set in objects...

stb_image.h Buffer Overflow Vulnerability

stbimage.h is an image library. A buffer overflow vulnerability exists in the 'stbiloadmain' function in stbimage.h version 2.23 used in libsixel and other products, which arises from a networked system or product that does not properly validate data boundaries when executing an operation in...

CVE-2019-19519

In OpenBSD 6.6, local users can use the su -L option to achieve any login class often excluding root because there is a logic error in the main function in su/su.c...

GNU binutils - disassemble_bytes Heap Overflow Exploit

Exploit for linux platform in category dos / poc Source: https://sourceware.org/bugzilla/showbug.cgi?id=21580 I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer. Please find attached the minimized file causing the issue "Input" and the ASAN report log "Output". Below is the...

PT-2017-7825 · Artifex +1 · Mupdf +1

Name of the Vulnerable Software and Affected Versions: MuPDF versions prior to 1.10 Description: The issue is related to a buffer overflow in the main function in jstest main.c in Mujstest, which allows remote attackers to cause a denial of service out-of-bounds write via a crafted file...

CVE-2017-5545

The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service buffer over-read via Apple Property List data that is too short...