577 matches found
Command injection
Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs): Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System Monochrome 200 or...
CVE-2022-45796
CVE-2022-45796 affects SHARP Digital Full-color Multifunctional System and related monochrome MFPs. The vulnerability is a command injection in the nw_interface.html component, enabling remote attackers with network access to execute arbitrary commands on affected devices. Affected versions inclu...
CVE-2022-45796 SHARP Multifunction Printer - Command Injection
Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs): Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System Monochrome 200 or...
Sharp Digital Full-color Multifunctional System Command Injection Vulnerability
The Sharp Digital Full-color Multifunctional System is a series of digital full-color multifunctional printers from Sharp, Japan. A command injection vulnerability exists in the Sharp Digital Full-color Multifunctional System, which is not properly protected with a strong administrator password a...
PT-2022-27644 · Sharp · Sharp Digital Multifunctional System +1
Name of the Vulnerable Software and Affected Versions: SHARP Digital Full-color Multifunctional System versions 202 or earlier SHARP Digital Full-color Multifunctional System versions 120 or earlier SHARP Digital Full-color Multifunctional System versions 600 or earlier SHARP Digital Full-color...
Stimulsoft Security Vulnerability
Stimulsoft Reports is a set of reporting components from Stimulsoft for the .NET platform and for processing reports in JavaScript applications. A security vulnerability exists in Stimulsoft version 2013.1.1600.0, which stems from a vulnerability that allows an...
SharpNamedPipePTH - Pass The Hash To A Named Pipe For Token Impersonation
This project is a C# tool to use Pass-the-Hash for authentication on a local Named Pipe for user Impersonation. You need a local administrator or SEImpersonate rights to use this. There is a blog post for explanation: https://s3cur3th1ssh1t.github.io/Named-Pipe-PTH/ It is heavily based on the code...
sharpimagesalonspa.ca Cross Site Scripting vulnerability OBB-2931621
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-GP95-PPV5-3JC5 sharp vulnerable to Command Injection in post-installation over build environment
There's a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their...
sharp vulnerable to Command Injection in post-installation over build environment
There's a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their...
10secondsofcode-custom (=1.0.0), 11ty-dither (>=0.0.1 <=0.0.8) +4020 more potentially affected by CVE-2022-29256 via sharp (>=0.10.1 <=0.30.4)
sharp NPM version =0.10.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.1, =4.11.0, =1.0.0, =0.16.0, =0.1.0, =1.0.1-beta.1 and more Source cves: CVE-2022-29256 Source advisory: OSV:GHSA-GP95-PPV5-3JC5...
Arbitrary Command Injection
sharp is vulnerable to arbitrary command injection. An attacker is able to set the value of the PKG_CONFIG_PATH environment variable in a build environment which allows arbitrary command injection at npm install time...
CVE-2022-29256
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKG_CONFIG_PATH...
CVE-2022-29256 Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKG_CONFIG_PATH...
CVE-2022-29256
CVE-2022-29256 affects sharp (Node.js image processing) versions prior to 0.30.5. If an attacker can control PKG_CONFIG_PATH in the build environment, they may inject arbitrary commands at npm install time (not a runtime issue; Windows builds are not affected). The issue is fixed in sharp v0.30.5...
PT-2022-19504 · Npm · Sharp
Name of the Vulnerable Software and Affected Versions: sharp versions prior to 0.30.5 Description: The issue is related to a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set th...
sharp OS Command Injection Vulnerability
sharp is a program by the individual developers at lovell for converting large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF and AVIF images of different sizes. An operating system command injection vulnerability exists in versions prior to sharp 0.30.5. An attacker can...
Russian APT Hackers Used COVID-19 Lures to Target European Diplomats
The Russia-linked threat actor known as APT29 targeted European diplomatic missions and Ministries of Foreign Affairs as part of a series of spear-phishing campaigns mounted in October and November 2021. According to ESET's T3 2021 Threat Report shared with The Hacker News, the intrusions paved t...
sharpimagesalonspa.ca Cross Site Scripting vulnerability OBB-2345740
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...