Prototype Pollution

Overview irrelon-path is an A powerful JSON path processor. Allows you to drill into and manipulate JSON objects with a simple dot-delimited path format e.g. "obj.name". Affected versions of this package are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. POC:...

Grandstream UCM6200 Series OS Command Injection Vulnerability

The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. An OS command injection vulnerability exists in the Grandstream UCM6200 series versions 1.0.20.23 and earlier. The vulnerability can be exploited to execute commands as root by issuing speciall...

CVE-2020-5759

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command...

procps: Local privilege escalation in top

If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of...

procps: Local privilege escalation in top

If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of...

Apple Safari Technology Preview WebKit Denial of Service Vulnerability (CNVD-2018-11311)

Apple Safari Technology Preview is a browser from Apple.WebKit is an open source web browser engine developed by the KDE community and currently used by Apple Safari and Google Chrome. A security vulnerability exists in the UIProcess/API/glib/WebKitFaviconDatabase.cpp file of the WebKit component...

CVE-2018-11646

webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash...

UBUNTU-CVE-2018-11646

webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash...

DEBIAN-CVE-2018-11646

webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash...

CVE-2018-11646

webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash...

UBUNTU-CVE-2018-1122

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the configfile function...

CVE-2018-10747

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary in the Diagnostics component using the 'unset ' function and cause memory corruption. Furthermore, it is possible to redirect the flow...

PT-2018-3912 · D Link · D-Link Dsl-3782

Name of the Vulnerable Software and Affected Versions: D-Link DSL-3782 EU version 1.01 Description: An issue in the Diagnostics component of the D-Link DSL-3782 EU device allows an authenticated user to cause memory corruption by passing a long buffer as an 'unset' parameter to the...

CVE-2017-18205

In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set...

UBUNTU-CVE-2017-18205

In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set...

Coinbase: User provided values passed to PHP unset() function

In the Coinbase wpe commerce open source library, a researcher observed a call to the PHP unset function that relied on user controlled input. The reporter observed that this could allow a malicious user to destroy arbitrary variables in the environment where this library is deployed...

Unspecified Vulnerability in SaltStack Salt

SaltStack Salt aka SaltStack is a set of open source tools for managing infrastructure from SaltStack, Inc. in the United States. The tool provides configuration management, remote execution and other functions , able to manage tens of thousands of servers , with the ability to quickly complete t...

CVE-2016-9310

The control mode mode 6 functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet...

CVE-2016-9310

The control mode mode 6 functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet...

AIX 5.3 / 6.1 / 7.1 / 7.2 lquerylv Local Root

!/usr/bin/sh AIX lquerylv 5.3, 6.1, 7.1, 7.2 local root exploit. Tested against latest patchset 7100-04 This exploit takes advantage of known issues with debugging functions within the AIX linker library. We are taking advantage of known functionality, and focusing on badly coded SUID binaries...