CVE-2020-15121

CRITICAL Year: 2020
CVSS v3 Score: 9.6 (Critical)
CVSS v2 Score: 6.8 (Medium)

Vulnerability Description

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. Triggering the problem requires opening the executable in radare2 and running `idpd` to start the download. The shell code then executes and creates a file called pwned in the current directory.

CVSS: 9.6 (Critical)

In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to ...

CWE-78, 2020
CVSS: 9.6 (Critical)

An os command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary comman...

CWE-78, 2022
CVSS: 9.6 (Critical)

An os command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command e...

CWE-78, 2022
CVSS: 9.6 (Critical)

discordrb is an implementation of the Discord API using Ruby. In discordrb before commit `91e13043ffa` the `encoder.rb` file unsafely constructs a shell string using the file parameter, which can pote...

CWE-78, 2023
CVSS: 9.6 (Critical)

OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0.

CWE-78, 2023
CVSS: 9.6 (Critical)

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in r...

CWE-78, 2023