Lucene search
+L

40 matches found

Prion
Prion
added 2021/10/21 3:15 p.m.32 views

Command injection

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

7.5CVSS9.5AI score0.0434EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/10/21 3:15 p.m.2 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS7.3AI score0.0434EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2021/10/21 3:15 p.m.103 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS7.2AI score0.0434EPSS
Exploits0References4
CVE
CVE
added 2021/10/21 2:46 p.m.130 views

CVE-2021-42740

CVE-2021-42740 affects the shell-quote package for Node.js (pre-1.7.3). The Windows drive-letter regex was {A-z] instead of {A-Za-z], enabling injection of shell metacharacters when unescaped output is passed to a real shell via exec(). Attacks can lead to arbitrary commands execution under the d...

9.8CVSS9.5AI score0.0434EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2021/10/21 2:46 p.m.46 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS8.3AI score0.0434EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/10/21 12:0 a.m.5 views

PT-2021-23668

Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.7.3 Description The issue allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a...

9.8CVSS7.3AI score0.0434EPSS
Exploits0References148
OSV
OSV
added 2020/01/24 10:15 p.m.27 views

CVE-2019-1353

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux also known as "WSL" while accessing a working directory on a regular Windows drive, none of the NTFS...

9.8CVSS6.6AI score
Exploits0References5
OSV
OSV
added 2020/01/24 10:15 p.m.2 views

DEBIAN-CVE-2019-1353

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux also known as "WSL" while accessing a working directory on a regular Windows drive, none of the NTFS...

9.8CVSS8AI score0.02225EPSS
Exploits0References1
OSV
OSV
added 2020/01/24 10:15 p.m.2 views

ALPINE-CVE-2019-1353

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux also known as "WSL" while accessing a working directory on a regular Windows drive, none of the NTFS...

9.8CVSS6.8AI score0.02225EPSS
Exploits0References1
OSV
OSV
added 2019/12/10 6:0 p.m.4 views

UBUNTU-CVE-2019-1353

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux also known as "WSL" while accessing a working directory on a regular Windows drive, none of the NTFS...

9.8CVSS7.1AI score0.02225EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/07/28 12:0 a.m.7 views

PT-2019-13607

Name of the Vulnerable Software and Affected Versions Pallets Werkzeug versions prior to 0.15.5 Description The issue is related to how SharedDataMiddleware handles drive names, such as C:, in Windows pathnames. This mishandling can lead to potential security issues. Recommendations For versions...

7.5CVSS7.1AI score0.55526EPSS
Exploits7References13
securityvulns
securityvulns
added 2007/08/18 12:0 a.m.31 views

Remote Memory Read in Diskeeper 9 - 2007

Diskeeper Remote Memory Disclosure Credit: Pravus pravus -a-t- hush -d-o-t- com Greetz: Scientology for making a remotely accessible disk defragmenter. Felix, Jenna, and Isaac. Vulnerability Description: This vulnerability involves a memory comparison function that is remotely, anonymously...

0.7AI score
Exploits0
NVD
NVD
added 2007/03/21 11:19 p.m.15 views

CVE-2007-1580

FTPDMIN 0.96 allows remote attackers to cause a denial of service daemon crash via a LIST command for a Windows drive letter, as demonstrated using "//A:". NOTE: this has been reported as a buffer overflow by some sources, but there is not a long argument...

6.3CVSS7.2AI score0.02403EPSS
Exploits1References4
Prion
Prion
added 2007/03/21 11:19 p.m.14 views

Buffer overflow

FTPDMIN 0.96 allows remote attackers to cause a denial of service daemon crash via a LIST command for a Windows drive letter, as demonstrated using "//A:". NOTE: this has been reported as a buffer overflow by some sources, but there is not a long argument...

6.3CVSS7.8AI score0.02403EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2007/03/21 11:0 p.m.20 views

CVE-2007-1580

FTPDMIN 0.96 allows remote attackers to cause a denial of service daemon crash via a LIST command for a Windows drive letter, as demonstrated using "//A:". NOTE: this has been reported as a buffer overflow by some sources, but there is not a long argument...

7.2AI score0.02403EPSS
Exploits1References4
CVE
CVE
added 2007/03/21 11:0 p.m.55 views

CVE-2007-1580

FTPDMIN 0.96 is affected. A remote attacker can trigger a denial of service (daemon crash) by issuing a LIST command targeting a Windows drive letter (e.g., //A:). The issue is documented as a potential buffer overflow in some sources, but the available records state only a DoS via LIST for a dri...

6.3CVSS7.2AI score0.02403EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2006/07/10 10:0 p.m.53 views

CVE-2006-3488

The CVE-2006-3488 entry concerns an absolute path traversal in VirtuaStore 2.0, specifically the administrador.asp component. According to the provided documents, the vulnerability allows remote attackers to read arbitrary directories or files by supplying an absolute path with a Windows drive le...

5CVSS7.2AI score0.01175EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2005/08/30 11:45 a.m.12 views

CVE-2005-2726

Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read arbitrary files via "C:" Windows drive letter sequences in commands such as 1 LIST or 2 RETR...

5CVSS6.5AI score0.01686EPSS
Exploits0References5
CVE
CVE
added 2005/08/29 4:0 a.m.50 views

CVE-2005-2726

CVE-2005-2726 describes a directory traversal vulnerability in Home Ftp Server 1.0.7 that allows remote authenticated users to read arbitrary files by supplying Windows drive-letter paths such as “C:\” in commands like LIST or RETR. The condition is authenticated access; impact is partial disclos...

5CVSS6.6AI score0.01686EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2005/08/29 4:0 a.m.19 views

CVE-2005-2726

Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read arbitrary files via "C:" Windows drive letter sequences in commands such as 1 LIST or 2 RETR...

6.5AI score0.01686EPSS
Exploits0References5
Rows per page
Query Builder