Lucene search
2677 matches found

Cvelist
added 2023/09/15 8:6 p.m. | 13 views

CVE-2023-41887 Remote Code exec in project import with mysql jdbc url attack

OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue...

CVSS 9.8 | AI score 10 | EPSS 0.53754
Exploits: 1 | References: 2

OSV
added 2023/09/15 7:15 p.m. | 2 views

DEBIAN-CVE-2023-36479

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...

CVSS 3.1 | AI score 6.2 | EPSS 0.01383
Exploits: 1 | References: 1

OSV
added 2023/09/15 7:15 p.m. | 0 views

UBUNTU-CVE-2023-36479

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...

CVSS 3.5 | AI score 6.8 | EPSS 0.01383
Exploits: 1 | References: 6

Prion
added 2023/09/10 12:15 a.m. | 16 views

Sql injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file booking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 6.5 | AI score 9.7 | EPSS 0.00035
Exploits: 1 | References: 3 | Affected Software: 1

vulnersOsv
added 2023/08/30 8:8 p.m. | 2 views

@gov.au/pancake (>=0.0.6 <=0.0.10), agile-alarm (>=0.0.1 <=0.0.2) +32 more potentially affected by CVE-2023-40582 via find-exec (>=0.0.3 <=1.0.2)

find-exec NPM version =0.0.3, =0.0.6, =0.0.1, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =0.1.0, =0.1.0, =1.4.0, =1.4.9 and more Source cves: CVE-2023-40582 Source advisory: OSV:GHSA-95RP-6GQP-6622...

CVSS 9.8 | AI score 7.2 | EPSS 0.05116
Exploits: 0

Github Security Blog
added 2023/08/30 8:8 p.m. | 38 views

Command Injection Vulnerability in find-exec

Older versions of the package are vulnerable to Command Injection via an attacker-controlled parameter. As a result, attackers may run malicious commands. For example: const find = require("find-exec"); find("mplayer; touch hacked") This creates a file named "hacked" on the filesystem. You should neve...

CVSS 9.8 | AI score 7.1 | EPSS 0.05116
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2023/08/30 6:15 p.m. | 9 views

CVE-2023-40582

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

CVSS 9.8 | AI score 9.8 | EPSS 0.05116
Exploits: 0 | References: 2

Vulnrichment
added 2023/08/30 5:39 p.m. | 12 views

CVE-2023-40582 Command Injection Vulnerability in find-exec

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

CVSS 9.8 | AI score 7.3 | EPSS 0.05116
Exploits: 0 | References: 2

Cvelist
added 2023/08/30 5:39 p.m. | 8 views

CVE-2023-40582 Command Injection Vulnerability in find-exec

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

CVSS 9.8 | AI score 10 | EPSS 0.05116
Exploits: 0 | References: 2

CVE
added 2023/08/30 5:39 p.m. | 125 views

CVE-2023-40582

The CVE pertains to the find-exec utility, where earlier versions (prior to 1.0.3) fail to properly escape user input, enabling Command Injection via attacker-controlled parameters. This could allow an attacker to run arbitrary shell commands with the privileges of the running process. The issue ...

CVSS 9.8 | AI score 9.8 | EPSS 0.05116
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2023/08/30 12:0 a.m. | 1 views

find-exec operating system command injection vulnerability

find-exec, by the individual developer shime, takes a list of shell commands and returns the first available command. An operating system command injection vulnerability exists in find-exec versions prior to 1.0.3, which stems from the inability to properly escape user input and the ease with whic...

CVSS 9.8 | AI score 8.5 | EPSS 0.05116
Exploits: 0 | References: 3

Positive Technologies
added 2023/08/30 12:0 a.m. | 11 views

PT-2023-27519

Name of the Vulnerable Software and Affected Versions: find-exec versions prior to 1.0.3. Description: The issue is related to Command Injection, where attackers may run malicious shell commands in the context of the running process due to improper escaping of user input. This can be achieved via an...

CVSS 9.8 | AI score 7.3 | EPSS 0.05116
Exploits: 0 | References: 13

Veracode
added 2023/08/17 4:10 a.m. | 28 views

Arbitrary Code Execution

llama-index is vulnerable to Arbitrary Code Execution. The vulnerability exists because of the improper handling of user input in the PandasQueryEngine function of the library, which allows an attacker to inject and execute malicious code due to the usage of the exec function...

CVSS 9.8 | AI score 7.3 | EPSS 0.03852
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2023/08/15 6:31 p.m. | 0 views

GHSA-2XXC-73FV-36F7 llama-index vulnerable to arbitrary code execution

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

CVSS 9.8 | AI score 6.2 | EPSS 0.03852
Exploits: 1 | References: 6

ATTACKERKB
added 2023/08/15 5:15 p.m. | 2 views

CVE-2023-39662

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

CVSS 9.8 | AI score 6.2 | EPSS 0.03852
Exploits: 1 | References: 2

PyPA
added 2023/08/15 5:15 p.m. | 5 views

PYSEC-2023-148

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

CVSS 9.8 | AI score 8.1 | EPSS 0.03852
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2023/08/15 12:0 a.m. | 4 views

PT-2023-27061

Name of the Vulnerable Software and Affected Versions: llama index versions 0.7.13 and earlier. Description: An issue in llama index allows a remote attacker to execute arbitrary code via the exec parameter in the PandasQueryEngine function. This enables the attacker to perform unauthorized actions ...

CVSS 9.8 | AI score 6 | EPSS 0.03852
Exploits: 1 | References: 13

Zero Day Initiative
added 2023/08/09 12:0 a.m. | 9 views

Western Digital MyCloud PR4100 Logger Class Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Western Digital MyCloud PR4100 NAS device. Authentication is required to exploit this vulnerability. The specific flaw exists within the Logger class. The issue results from the lack of...

CVSS 8 | AI score 7.3
Exploits: 0

Vulnrichment
added 2023/08/08 5:8 p.m. | 21 views

CVE-2023-36898 Tablet Windows User Interface Application Core Remote Code Execution Vulnerability

...

CVSS 7.8 | AI score 6.8 | EPSS 0.00335
Exploits: 0 | References: 1

CVE
added 2023/08/08 9:20 a.m. | 54 views

CVE-2023-38524

CVE-2023-38524 affects Siemens Parasolid and Teamcenter Visualization. A null pointer dereference occurs while parsing specially crafted X_T files, enabling potential code execution in the affected process. Affected versions: Parasolid V34.1 (prior to 34.1.258), V35.0 (prior to 35.0.254), V35.1 (...

CVSS 7.8 | AI score 7.5 | EPSS 0.00064
Exploits: 0 | References: 2 | Affected Software: 2