18 matches found
Shescape has potential environment variable exposure on Windows with CMD
Impact: This impacts users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of quote/quoteAll/escape/escapeAll. An attacker may be able to get read-only access to environment variables. Example (JavaScript): import * as cp from "node:child_process"; import...
GHSA-66PP-5P9W-Q87J Shescape has potential environment variable exposure on Windows with CMD
Impact: This impacts users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of quote/quoteAll/escape/escapeAll. An attacker may be able to get read-only access to environment variables. Example (JavaScript): import * as cp from "node:child_process"; import...
CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD
Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impacts users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...
WordPress Plugin ELEX WooCommerce Dynamic Pricing and Discounts Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin ELEX WooCommerce...
Path traversal in Zip Swift
An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry...
CVE-2023-39135
An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry...
CVE-2023-39135
An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry...
Path traversal
An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry...
CVE-2023-33720
mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty...
CVE-2023-33720
mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty...
CVE-2023-33720
mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty...
PIX-RT100 Security Vulnerability
PIXELA CORPORATION PIX-RT100 is a home router from PIXELA CORPORATION, Japan. A security vulnerability exists in the PIX-RT100 RT100TEQ2.1.1EQ101 and RT100TEQ2.1.2EQ101 versions. A network neighbor attacker could access the product via an undocumented Telnet or SSH service...
CVE-2020-28460
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...
Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by security vulnerabilities. (CVE-2015-4974 and CVE-2015-4981)
Summary Security vulnerabilities have been identified in the current levels of IBM Spectrum Scale V4.1.1, IBM GPFS V4.1 and V3.5: - could allow a local non privileged attacker to execute commands with root privileges CVE-2015-4974 - could allow a local non privileged attacker to read system...
WordPress Mobile Pack 2.1.2 Information Disclosure
Title: Information Exposure Vulnerability in WordPress Mobile Pack WordPress Plugin v2.1.2 and below Submitter: Nitin Venkatesh Product: WordPress Mobile Pack WordPress Plugin Product URL: https://wordpress.org/plugins/wordpress-mobile-pack/ Vulnerability Type: Information Exposure CWE-200 Affecte...
Chyrp v2.1.2 <= (FU/BSQLi) Multiple Vulnerabilities
Exploit for php platform in category web applications
Firebird SQL op_connect_request main listener shutdown Vulnerability
No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Firebird SQL op_connect_request main listener shutdown vulnerability 1. Advisory Information Title: Firebird SQL op_connect_request mai...
Fantastic News 2.1.2 - 'script_path' Remote Code Execution
!/usr/bin/perl Fantastic News v2.1.2 and possibly below Remote Command Execution Bug Found By uid0 Exploit Coded by Zod c 2006 ExploiterCode.com usage: perl FNews.pl perl FNews.pl http://site.com/FNews/ http://site.com/cmd.txt cmd cmd shell example: cmd shell variable: $GETcmd; hai to: zodiac, ne...