31217 matches found
SofaWiki 3.9.2 Shell Upload
This is a proof of concept remote shell upload exploit for SofaWiki version 3.9.2 that leverages an issue originally discovered in 2024...
CVE-2019-25362
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...
CVE-2019-25362
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...
CVE-2019-25362
CVE-2019-25362 affects WMV to AVI MPEG DVD WMV Convertor 4.6.1217. It contains a stack-based buffer overflow in input handling that can be triggered by a crafted payload (~6000 bytes), overwriting license name and license code fields to execute arbitrary code and potentially spawn a bind shell on...
CVE-2019-25362 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...
CVE-2019-25362 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...
CVE-2019-25361 Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow
Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...
CVE-2019-25361 Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow
Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...
CVE-2019-25361
Ayukov NFTP client 1.71 contains a buffer overflow in the SYST command handling that enables remote code execution. A crafted SYST payload can trigger the overflow and execute a bind shell on port 5150. Public CVSS data indicate high to critical impact across confidentiality, integrity, and avail...
GHSA-4564-PVR2-QQ4H OpenClaw: Prevent shell injection in macOS keychain credential write
Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...
OpenClaw: Prevent shell injection in macOS keychain credential write
Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...
Exploit for Argument Injection in Gnu Inetutils
!Authorhttps://img.shields.io/badge/Author-Mohammed%20Idrees%...
DrakonixReverseShellPlayground
No d...
GHSA-XVHF-X56F-2HPP OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion
Summary OpenClaw's exec-approvals allowlist supports a small set of "safe bins" intended to be stdin-only no positional file arguments when running tools.exec.host=gateway|node with security=allowlist. In affected configurations, the allowlist validation checked pre-expansion argv tokens, but...
Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the exec-approvals allowlist, when shell expansion is performed on argv tokens. An attacker can access sensitive files by supplying crafted arguments that leverage...
OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion
Summary OpenClaw's exec-approvals allowlist supports a small set of "safe bins" intended to be stdin-only no positional file arguments when running tools.exec.host=gateway|node with security=allowlist. In affected configurations, the allowlist validation checked pre-expansion argv tokens, but...
PT-2026-20783
Name of the Vulnerable Software and Affected Versions systeminformation versions prior to 5.31.0 Description The systeminformation library for node.js is susceptible to command injection through unsanitized output from the locate command within the versions function. This occurs when detecting th...
PT-2026-20536
Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...
PT-2026-20369
Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.8 through 2026.2.13 Description The software contains a command injection issue in the scripts/update-clawtributors.ts script. This affects contributors or maintainers, and CI systems, who execute bun...
PT-2026-20537
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...