CVE-2015-10040 gitlearn Escape Sequence config.sh getOutOf injection

A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. The manipulation leads to injection. The attack can be initiated remotely. The patch is...

CVE-2015-10040 gitlearn Escape Sequence config.sh getOutOf injection

A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. The manipulation leads to injection. The attack can be initiated remotely. The patch is...

gitlearn 注入漏洞

gitlearn is an open source learning management system by Mike Izbicki, a personal developer. gitlearn suffers from an injection vulnerability that originates in the getGrade/getOutOf function of the file scripts/config.sh of the component Escape Sequence Handler, which is manipulated to cause...

PT-2023-10219 · Gitlearn · Gitlearn

Name of the Vulnerable Software and Affected Versions: gitlearn affected versions not specified Description: A vulnerability was found in the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. This issue leads to injection and can be initiated...

GPAC MP4Box 安全漏洞

GPAC MP4Box is multimedia packager. It is mainly used to work with ISOBMF files e.g. MP4, 3GP, but can also be used to import/export media from container files such as AVI, MPG, MKV, MPEG-2 TS, etc. A security vulnerability exists in GPAC MP4Box version 2.1-DEV-rev593-g007bf61a0, which stems from...

PXEThief - Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager

PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out of Configuration Manager https://forum.defcon.org/node/241925 against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager or ConfigMgr, still...

Exploit for Cross-Site Request Forgery (CSRF) in Filebrowser

CVE-2021-46398 - Lalie ARNOUD, Gaspard ANDRIEU In this reposi...

K64571774: BIG-IP virtual server TCP sequence numbers vulnerability CVE-2020-5947

Security Advisory Description On specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. CVE-2020-5947 Impact Attackers may be able to spoof TCP packet...

CVE-2022-34476

ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox 102...

CVE-2022-34476

ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox 102...

CVE-2022-22747

After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

DEBIAN-CVE-2022-22747

After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

kernel: KVM: VMX: Prevent RSB underflow before vmenter

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPECCTRL value is written, and the vmenter. Balanced returns matched by a preceding call are usually ok, but it's...

CVE-2022-37905

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system...

CVE-2022-37904

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system...

Design/Logic Flaw

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system...

PT-2022-28230 · Unknown · Candy Machine V2

Name of the Vulnerable Software and Affected Versions: Candy Machine V2 Description: A problem with Candy Machine V2 allows minting NFTs to an arbitrary collection due to a missing check. The issue can be exploited through a specific transaction sequence, involving two instructions. The first...

snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service...

Amazon Linux 2 : pcs (ALAS-2022-1895)

The version of pcs installed on the remote host is prior to 0.9.169-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1895 advisory. A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart...

CVE-2022-30123

A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack...