CVE-2023-30621 : GIPSY UP TO 1.2 ON DISCORD PING OS COMMAND INJECTION - Cloud WAF

Free Trial

CVE-2023-30621 : GIPSY UP TO 1.2 ON DISCORD PING OS COMMAND INJECTION

Description

Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. In versions prior to 1.3 users can run command on the host machine with sudoer permission. The `!ping` command when provided with an IP or hostname used to run a bash `ping ` without verification that the IP or hostname was legitimate. This command was executed with root permissions and may lead to arbitrary command injection on the host server. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

https://github.com/Curiosity-org/Gipsy/security/advisories/GHSA-6cw6-r8pg-j7wh

https://github.com/Gunivers/Gipsy/pull/24

https://github.com/Gunivers/Gipsy/pull/24/commits/716818e967069f144aae66d51464b237c22b6cdf

For More Information

Contact us to get started

CVE-2024-7261 : ZYXEL NWA1123ACV3/WAC500/WAX655E/WBE530/USG LITE 60AX COOKIE HOST OS COMMAND INJECTION

CVE-2024-7261 : ZYXEL NWA1123ACV3/WAC500/WAX655E/WBE530/USG LITE 60AX COOKIE HOST OS COMMAND INJECTION

Description The improper neutralization of special elements in the parameter “host” in the CGI program of Zyxel NWA1123ACv3 firmware version

Learn more

CVE-2024-1621 : NT-WARE UNIFLOW ONLINE UP TO 2024.1.0 REGISTRATION VERIFICATION OF SOURCE

CVE-2024-1621 : NT-WARE UNIFLOW ONLINE UP TO 2024.1.0 REGISTRATION VERIFICATION OF SOURCE

Description The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when

Learn more

CVE-2024-45623 : D-LINK DAP-2310 1.16RC028 ATP BINARY STACK-BASED OVERFLOW

CVE-2024-45623 : D-LINK DAP-2310 1.16RC028 ATP BINARY STACK-BASED OVERFLOW

Description D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in

Learn more