14 matches found
EUVD-2024-55605
launch-editor vulnerable to command injection via the crafted request on Windows...
PT-2026-46090
Summary Due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. Impact If the following conditions are met, an attacker can execute arbitrary commands on the...
CVE-2024-52011
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...
CVE-2024-52011
The CVE affects the launch-editor component used with Node.js in vite prior to version 2.9.0, where insufficient sanitization of the file argument in launchEditor allowed an attacker to execute arbitrary commands on Windows by supplying a filename with special characters. The issue is resolved in...
OS Command Injection
@react-native-community/cli is vulnerable to OS Command Injection. The vulnerability is due to an exposed endpoint that accepts attacker-controlled POST data and passes it to system execution paths without proper sanitization, which allows an unauthenticated network attacker to run arbitrary...
EUVD-2021-21084
Malware in sbrugna...
EUVD-2019-0169
Malware in sbrugna...
DEBIAN-CVE-2024-56334
systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...
PHP 8.2.x < 8.2.20 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.2.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.20 advisory. - In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP- CGI on Windows, if the...
Yokogawa Rental & Lease Passage Drive 输入验证错误漏洞
The Yokogawa Rental & Lease Passage Drive is a passage drive endpoint from Yokogawa Rental & Lease, Japan. An input validation error vulnerability exists in Yokogawa Rental & Lease Passage Drive that stems from insufficient data validation of Passage Drive including inter-process communication,...
CVE-2021-26472
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges...
CVE-2018-6342
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server either via CSRF or by direct reque...
Input validation
Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors...
HelpMe.pl
Winhlp32.exe Remote BufferOverrun exploit code. written by Gary O'leary-Steele Sec-1 Ltd. [email protected] For use as proof of concept Kernel32.dll version 5.0.2195.4272 Kernell32 jmp ebx 77E87793 $sploit = "\x55\x8b\xec\x8b\xc3". xc5 is ebp change if error "\xbe\xff\xff\xff\xff"...