12 matches found
Malicious code in test-mlw2-haunt-carex-stirp-plash (npm)
The package test-mlw2-haunt-carex-stirp-plash was found to contain malicious code...
MAL-2025-46286 Malicious code in test-mlw2-haunt-carex-stirp-plash (npm)
The package test-mlw2-haunt-carex-stirp-plash was found to contain malicious code...
Malicious code in test-mlw2-plash-fleys (npm)
The package test-mlw2-plash-fleys was found to contain malicious code...
Malicious code in test-mlw2-holed-group-plash-gases (npm)
The package test-mlw2-holed-group-plash-gases was found to contain malicious code...
MAL-2025-35526 Malicious code in test-mlw2-holed-group-plash-gases (npm)
The package test-mlw2-holed-group-plash-gases was found to contain malicious code...
MAL-2025-35995 Malicious code in test-mlw2-plash-fleys (npm)
The package test-mlw2-plash-fleys was found to contain malicious code...
Plash沙盒中进程TIOCSTI ioctl()权限提升漏洞
Plash是用于在沙盒中运行GNU/Linux程序的系统,以使程序只能获得最低权限。 Plash没有正确的限制沙盒中的进程通过TIOCSTI ioctl向终端的文件描述符插入字符,如果该终端上运行着shell的话,恶意的沙盒中进程就可能以该shell的权限执行任意命令。 Plash 1.17 临时解决方法: 代理访问stdin/stdout/stderr,通过cat管道传输: cat | pola-run ... 2&1 | cat 厂商补丁: Plash ----- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
Plash sandbox protection bypass
It's possible to execute any command via /dev/tty device...
Design/Logic Flaw
Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl...
CVE-2007-1400
Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl...
CVE-2007-1400
Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl...
CVE-2007-1400
Plash allows sandboxed processes to open /dev/tty via TIOCSTI, enabling local users to escape sandbox restrictions and send characters to a shell process on the same terminal to execute arbitrary commands. This CVE (CVE-2007-1400) is documented with a local-privilege/escalation impact and does no...