Lucene search
K

31217 matches found

Packet Storm News
Packet Storm News
added 2026/02/19 12:0 a.m.10 views

SofaWiki 3.9.2 Shell Upload

This is a proof of concept remote shell upload exploit for SofaWiki version 3.9.2 that leverages an issue originally discovered in 2024...

6AI score
Exploits0
OSV
OSV
added 2026/02/18 10:16 p.m.3 views

CVE-2019-25362

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...

9.8CVSS6.5AI score0.00653EPSS
Exploits1References5
NVD
NVD
added 2026/02/18 10:16 p.m.5 views

CVE-2019-25362

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...

9.8CVSS0.00653EPSS
Exploits1References5
CVE
CVE
added 2026/02/18 9:55 p.m.14 views

CVE-2019-25362

CVE-2019-25362 affects WMV to AVI MPEG DVD WMV Convertor 4.6.1217. It contains a stack-based buffer overflow in input handling that can be triggered by a crafted payload (~6000 bytes), overwriting license name and license code fields to execute arbitrary code and potentially spawn a bind shell on...

9.8CVSS6.6AI score0.00653EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/18 9:55 p.m.3 views

CVE-2019-25362 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...

9.8CVSS6.6AI score0.00653EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/18 9:55 p.m.22 views

CVE-2019-25362 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...

9.8CVSS0.00653EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/18 9:55 p.m.28 views

CVE-2019-25361 Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...

9.8CVSS0.00638EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/18 9:55 p.m.5 views

CVE-2019-25361 Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...

9.8CVSS6.5AI score0.00638EPSS
Exploits0References3
CVE
CVE
added 2026/02/18 9:55 p.m.12 views

CVE-2019-25361

Ayukov NFTP client 1.71 contains a buffer overflow in the SYST command handling that enables remote code execution. A crafted SYST payload can trigger the overflow and execute a bind shell on port 5150. Public CVSS data indicate high to critical impact across confidentiality, integrity, and avail...

9.8CVSS6.5AI score0.00638EPSS
Exploits0References3
OSV
OSV
added 2026/02/18 5:39 p.m.5 views

GHSA-4564-PVR2-QQ4H OpenClaw: Prevent shell injection in macOS keychain credential write

Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...

7.6CVSS5.6AI score0.012EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/02/18 5:39 p.m.17 views

OpenClaw: Prevent shell injection in macOS keychain credential write

Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...

8CVSS5.6AI score0.012EPSS
Exploits0References8Affected Software1
GithubExploit
GithubExploit
added 2026/02/18 8:52 a.m.161 views

Exploit for Argument Injection in Gnu Inetutils

!Authorhttps://img.shields.io/badge/Author-Mohammed%20Idrees%...

9.8CVSS5.8AI score0.98871EPSS
Exploits60
GithubExploit
GithubExploit
added 2026/02/18 2:41 a.m.140 views

DrakonixReverseShellPlayground

No d...

5.4AI score
Exploits0
OSV
OSV
added 2026/02/18 12:50 a.m.4 views

GHSA-XVHF-X56F-2HPP OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion

Summary OpenClaw's exec-approvals allowlist supports a small set of "safe bins" intended to be stdin-only no positional file arguments when running tools.exec.host=gateway|node with security=allowlist. In affected configurations, the allowlist validation checked pre-expansion argv tokens, but...

8.6CVSS5.8AI score0.00167EPSS
Exploits0References6
Snyk
Snyk
added 2026/02/18 12:50 a.m.5 views

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the exec-approvals allowlist, when shell expansion is performed on argv tokens. An attacker can access sensitive files by supplying crafted arguments that leverage...

8.6CVSS5.7AI score0.00167EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/18 12:50 a.m.9 views

OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion

Summary OpenClaw's exec-approvals allowlist supports a small set of "safe bins" intended to be stdin-only no positional file arguments when running tools.exec.host=gateway|node with security=allowlist. In affected configurations, the allowlist validation checked pre-expansion argv tokens, but...

8.6CVSS5.8AI score0.00167EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.6 views

PT-2026-20783

Name of the Vulnerable Software and Affected Versions systeminformation versions prior to 5.31.0 Description The systeminformation library for node.js is susceptible to command injection through unsanitized output from the locate command within the versions function. This occurs when detecting th...

8.8CVSS6AI score0.0115EPSS
Exploits1References17
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.5 views

PT-2026-20536

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...

9.8CVSS6.5AI score0.00638EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.5 views

PT-2026-20369

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.8 through 2026.2.13 Description The software contains a command injection issue in the scripts/update-clawtributors.ts script. This affects contributors or maintainers, and CI systems, who execute bun...

8.6CVSS5.8AI score0.01709EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.6 views

PT-2026-20537

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...

9.8CVSS6.6AI score0.00653EPSS
Exploits1References6
Rows per page
Query Builder