Internet Bug Bounty: Electron CVE-2022-35954 Delimiter Injection Vulnerability in exportVariable

Describe the summary: The Electron Website provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write...

CVE-2022-35897

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally...

CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

CVE-2022-32483

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable...

PT-2022-21338 · Dell · Dell Bios

Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: The issue is related to improper input validation. A local authenticated malicious user with admin privileges may potentially exploit this to modify a UEFI variable. Recommendations: At t...

SQL injection for certain queries with variables

For some queries, specific variable values can modify the query rather than just the variable. This can occur if: 1. the query's data source uses different escaping than the Rails database OR 2. the query has a variable inside a string literal Since Blazer is designed to run arbitrary queries, th...

CVE-2020-20948

An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable...

EulerOS 2.0 SP2 : ntp (EulerOS-SA-2017-1125)

According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.CVE-2015-8139 - N...

Race condition

In coreinforead and instinforead in all Android releases from CAF using the Linux kernel, variable "dbgbuf", "dbgbuf-curr" and "dbgbuf-filledsize" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race condition...

CVE-2016-4954

The processpacket function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service peer-variable modification by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication...

CVE-2016-4954

The CVE-2016-4954 entry affects ntpd (NTP v4) and is triggered by the process_packet() function in ntp_proto.c, where NTP 4.x versions before 4.2.8p8 can be caused to enter a peer-variable modification state when it receives spoofed packets from multiple sources, demonstrated by an incorrect leap...

UBUNTU-CVE-2016-4954

The processpacket function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service peer-variable modification by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication...

Dedecms v57 sp1 plus/download.php SQL注入漏洞

起因是全局变量$GLOBALS可以被任意修改，随便看了下，漏洞一堆，我只找了一处。 codeinclude/dedesql.class.php ifisset$GLOBALS'arrs1' $v1 = $v2 = ''; for$i=0;isset$arrs1$i;$i++ $v1 .= chr$arrs1$i; for$i=0;isset$arrs2$i;$i++ $v2 .= chr$arrs2$i; //解码ascii $GLOBALS$v1 .= $v2; //注意这里不是覆盖，是+ function SetQuery$sql $prefix="@"; $sql =...

CVE-2007-2036

CVE-2007-2036 refers to a vulnerability in the Cisco Wireless LAN Controller (WLC) where the SNMP implementation (pre-20070419) uses default read-only public and read-write private communities. This allows remote attackers to read and modify SNMP variables, potentially gaining full access to SNMP...

CVE-2006-2158

Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when registerglobals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remo...

Multiple PHP vulnerabilities

phpinfo crossite scripting, parsestr registerglobals activisation possibility, $GLOBALS variable modification witrh HTTP POST form 'fileupload' field. It's also possible to modify any variable with GLOBALSvariable...

CVE-2005-2574

xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as SERVERREMOTEADDR...

Дырки в PitBull LX (kernel variable modification)

Атакующий с правами root может обойти защиту путем модификации переменных ядра через sysctl...

CVE-1999-0706

Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables...