xdg-utils xdg-open 'open_envvar' function injection vulnerability

xdg-utils is a set of command line tools used to help integrate applications with various desktop tasks. xdg-open is one of these programs for opening files or URLs. A security vulnerability in the 'openenvvar' function of xdg-open in versions of xdg-utils prior to 1.1.3 stems from the program's...

Arbitrary File Read Vulnerability in DCCE MAC1100 PLCs

The MAC1100 PLC Programmable Logic Controller PLC is a product in the Dalian Computer Control DCCE Programmable Logic Controller PLC series. An arbitrary file read vulnerability exists in the DCCE MAC1100 PLC. An attacker can exploit this vulnerability to read the contents of any variable area of...

GD bbPress 2.5 Cross Site Scripting

An authenticated user of a bbPress forum, who can attach a file, can inject arbitrary javascript code via filename. The arbitrary code runs both on the topic page and in the admin panel, and it only affects the administrators, moderators and the attacker. The variable $errorafilea in...

DEBIAN-CVE-2018-10992

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...

Design/Logic Flaw

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...

CVE-2018-10992

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...

Design/Logic Flaw

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

DEBIAN-CVE-2017-18266

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

CVE-2017-18266

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

Arbitrary Code Execution

swiftmailer/swiftmailer is vulnerable to arbitrary code execution. The malicious code can be passed through the extraParams variable used to send extra parameters if the From, ReturnPath or Sender header came from a non-trusted source...

CVE-2017-18266

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

UBUNTU-CVE-2017-18266

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

Aurora IIDXM Design Vulnerability

Aurora IDEX Membership IDXM is a decentralized trading system for Ether ECR-20 tokens. A security vulnerability exists in the implementation of Owned smart contracts in Aurora IIDXM. An attacker could exploit the vulnerability to gain ownership of the contract and change the variables...

ansible-tower: Remote code execution by users with access to define variables in job templates

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server...

Windows WMI Recieve Notification Exploit

This Metasploit module exploits an uninitialized stack variable in the WMI subsystem of ntoskrnl. This Metasploit module has been tested on vulnerable builds of Windows 7 SP0 x64 and Windows 7 SP1 x64. This module requires Metasploit: http://metasploit.com/download Current source:...

Microsoft Windows WMI - Recieve Notification Exploit (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows WMI Recieve Notification Exploit', 'Description' = %q This module exploits an...

oniguruma: Out-of-bounds heap write in bitset_set_range()

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitsetsetrange during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect...

CVE-2018-1104

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server...

Design/Logic Flaw

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...

CVE-2018-10581

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...