40 matches found
Command injection
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
CVE-2021-42740
CVE-2021-42740 affects the shell-quote package for Node.js (pre-1.7.3). The Windows drive-letter regex was {A-z] instead of {A-Za-z], enabling injection of shell metacharacters when unescaped output is passed to a real shell via exec(). Attacks can lead to arbitrary commands execution under the d...
CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
PT-2021-23668
Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.7.3 Description The issue allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a...
CVE-2019-1353
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux also known as "WSL" while accessing a working directory on a regular Windows drive, none of the NTFS...
DEBIAN-CVE-2019-1353
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux also known as "WSL" while accessing a working directory on a regular Windows drive, none of the NTFS...
ALPINE-CVE-2019-1353
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux also known as "WSL" while accessing a working directory on a regular Windows drive, none of the NTFS...
UBUNTU-CVE-2019-1353
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux also known as "WSL" while accessing a working directory on a regular Windows drive, none of the NTFS...
PT-2019-13607
Name of the Vulnerable Software and Affected Versions Pallets Werkzeug versions prior to 0.15.5 Description The issue is related to how SharedDataMiddleware handles drive names, such as C:, in Windows pathnames. This mishandling can lead to potential security issues. Recommendations For versions...
Remote Memory Read in Diskeeper 9 - 2007
Diskeeper Remote Memory Disclosure Credit: Pravus pravus -a-t- hush -d-o-t- com Greetz: Scientology for making a remotely accessible disk defragmenter. Felix, Jenna, and Isaac. Vulnerability Description: This vulnerability involves a memory comparison function that is remotely, anonymously...
CVE-2007-1580
FTPDMIN 0.96 allows remote attackers to cause a denial of service daemon crash via a LIST command for a Windows drive letter, as demonstrated using "//A:". NOTE: this has been reported as a buffer overflow by some sources, but there is not a long argument...
Buffer overflow
FTPDMIN 0.96 allows remote attackers to cause a denial of service daemon crash via a LIST command for a Windows drive letter, as demonstrated using "//A:". NOTE: this has been reported as a buffer overflow by some sources, but there is not a long argument...
CVE-2007-1580
FTPDMIN 0.96 allows remote attackers to cause a denial of service daemon crash via a LIST command for a Windows drive letter, as demonstrated using "//A:". NOTE: this has been reported as a buffer overflow by some sources, but there is not a long argument...
CVE-2007-1580
FTPDMIN 0.96 is affected. A remote attacker can trigger a denial of service (daemon crash) by issuing a LIST command targeting a Windows drive letter (e.g., //A:). The issue is documented as a potential buffer overflow in some sources, but the available records state only a DoS via LIST for a dri...
CVE-2006-3488
The CVE-2006-3488 entry concerns an absolute path traversal in VirtuaStore 2.0, specifically the administrador.asp component. According to the provided documents, the vulnerability allows remote attackers to read arbitrary directories or files by supplying an absolute path with a Windows drive le...
CVE-2005-2726
Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read arbitrary files via "C:" Windows drive letter sequences in commands such as 1 LIST or 2 RETR...
CVE-2005-2726
CVE-2005-2726 describes a directory traversal vulnerability in Home Ftp Server 1.0.7 that allows remote authenticated users to read arbitrary files by supplying Windows drive-letter paths such as “C:\” in commands like LIST or RETR. The condition is authenticated access; impact is partial disclos...
CVE-2005-2726
Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read arbitrary files via "C:" Windows drive letter sequences in commands such as 1 LIST or 2 RETR...