10 matches found
CVE-2026-3964
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Summary The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sendi...
RHEL 9 : git (RHSA-2023:2319)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2319 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...
CVE-2020-26894
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell" function, it will attempt to search for "cmd.exe" in the folder of the current...
Code injection
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell" function, it will attempt to search for "cmd.exe" in the folder of the current...
CVE-2020-26894
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell" function, it will attempt to search for "cmd.exe" in the folder of the current...
Advanced Bash-Scripting Guide Code Execution
Advisory: Code Execution via Insecure Shell Function getoptsimple RedTeam Pentesting discovered that the shell function "getoptsimple", as presented in the "Advanced Bash-Scripting Guide", allows execution of attacker-controlled commands. Details ======= Product: Advanced Bash-Scripting Guide...
CrystalFTP Pro 2.8 - Remote Buffer Overflow Exploit
No description provided by source. / CrystalFTP Pro v2.8 Buffer Overflow Exploit 04/25/2005 Despite the fact that nobody uses CrystalFTP, I had to release a new version that replaces the first one. This overwrites the structured exception handler with a pop edx pop eax ret in kernel32.dll. This...
Technical analysis: “the meat machine” on encounters of an unknown virus - vulnerability warning - the black bar safety net
On the morning of May 13, the author was testing the MySQL Fun vulnerability online (in fact it cannot really be called a vulnerability, only a technique) and used MySQL Fun to take over a Xeon host. The author wanted to do some testing on it, but stumbled across this station the host of the...
Security fix for the ALT Linux 5 package sudo version 1:1.6.7p5-alt4
Nov. 12, 2004 Dmitry V. Levin 1:1.6.7p5-alt4 - Backported upstream fix that restricts exporting of shell functions and CDPATH shell variable CAN-2004-1051. - Added help to control...