It was discovered that zsh, a powerful shell and scripting language,
did not prevent recursive prompt expansion. This would allow an
attacker to execute arbitrary commands into a user’s shell, for
instance by tricking a vcs_info user into checking out a git branch
with a specially crafted name.
More Stories
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution. Mozilla...
Multiple Vulnerabilities in Siemens Ruggedcom Crossbow Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Siemens Ruggedcom Crossbow, the most severe of which could allow for arbitrary code execution....
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe...
SEC Consult SA-20240513-0 :: Tolerating Self-Signed Certificates in SAP® Cloud Connector
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 14 SEC Consult Vulnerability Lab Security Advisory < 20240513-0 >...
TROJANSPY.WIN64.EMOTET.A / Arbitrary Code Execution
Posted by malvuln on May 14 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/f917c77f60c3c1ac6dbbadbf366ddd30.txt Contact:...
BACKDOOR.WIN32.ASYNCRAT / Arbitrary Code Execution
Posted by malvuln on May 14 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/2337b9a12ecf50b94fc95e6ac34b3ecc.txt Contact:...