29 matches found
Claude HUD 代码问题漏洞
Claude HUD is a Claude Code plugin developed by Jarrod Watts, which displays context usage, tool states, and progress. Versions of Claude HUD prior to 0.0.12 contained code vulnerabilities. These vulnerabilities stemmed from command injection issues, allowing local attackers to execute arbitrary...
sudo security update
1.9.5p2-1.0.1.el810.5 - Fixes sudo -s unclosed sessions when usepty option used Orabug: 36952911 1.9.5p2-1.5 RHEL 8.10.0.Z ERRATUM - CVE-2026-35535 - Privilege escalation due to failure in privilege drop calls Resolves: RHEL-166060 1.9.5p2-1.3 RHEL 8.10.0.Z ERRATUM - sudo passes SHELL environment...
CVE-2026-22217
OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variable...
CVE-2026-32032 OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variable
OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution vulnerability in shell environment fallback that trusts the unvalidated SHELL path from the host environment. An attacker with local environment access can inject a malicious SHELL variable to execute arbitrary commands wit...
CVE-2026-32032
OpenClaw vulnerable versions prior to 2026.2.22 allow arbitrary shell execution by trusting an unvalidated SHELL path from the host environment. A local attacker with environment access can inject a malicious SHELL variable to run commands with the OpenClaw process privileges. Impact is high (con...
CVE-2026-32032 OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variable
OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution vulnerability in shell environment fallback that trusts the unvalidated SHELL path from the host environment. An attacker with local environment access can inject a malicious SHELL variable to execute arbitrary commands wit...
EUVD-2026-12730
OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variable...
CVE-2026-22217
OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variabl...
CVE-2026-22217 OpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variable Trusted Prefix Fallback
OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variabl...
Untrusted Search Path
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path through the SHELL environment variable fallback. An attacker can execute arbitrary commands by supplying a malicious path in the SHELL environment variable, which is...
CVE-2023-31429
Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of...
EUVD-2000-0392
Malware in sbrugna...
EUVD-2023-35737
Malicious code in bioql PyPI...
CVE-2023-31429
Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of...
SUSE-SU-2020:3089-1 Security update for pacemaker
This update for pacemaker fixes the following issues: - attrd: handle shutdown more cleanly bsc1173668 - executor: restrict certain IPC requests to Pacemaker daemons CVE-2020-25654, bsc1177916 - extra: quote shell variables in agent code where appropriate bsc1175557 - fencer: restrict certain IPC...
Brocade Fabric OS shell variable modification vulnerability
Brocade Fabric OS FOS is a set of embedded operating systems used in devices such as switches and routers from Brocade in the United States. A shell variable modification vulnerability exists in the command line interface in Brocade Fabric OS. An attacker could exploit this vulnerability to modif...
CyBoards PHP Lite Default_Header.PHP远程文件包含漏洞
CyBoards PHP Lite是一款基于PHP的WEB应用程序。 CyBoards PHP Lite不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'DefaultHeader.PHP'脚本对用户提交的WEB参数缺少过滤,指定远程服务器上的文件作为包含参数,可导致以WEB权限执行任意命令。 Cyboards PHP Lite 1.21 目前没有解决方案提供: http://www.gold-sonata.com/index.phtml?content=script/forums&menu=script Coded by bd0rk || SOH-Cr...
PostNuke Module phgstats 0.5 - 'phgdir' Remote File Inclusion
PostNuke Module phgstats 0.5 phgdir Remote File Include Exploit Vendor: http://kent.dl.sourceforge.net/sourceforge/phgstats/phgstats0.5.zip Vulnerable Code: includeonce$phgdir . 'settings/config.inc.php'; Coded by bd0rk || SOH-Crew Usage: expl.pl target cmd shell shell variable Greetings: str0ke,...
phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit
Exploit for unknown platform in category web applications ============================================================== phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit ============================================================== !/usr/bin/perl phpBB Module NoMoKeTos Rules 0.0.1...
MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit
No description provided by source. !/usr/bin/perl """"""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """...