2678 matches found
Veritas Backup Exec Agent File Access Vulnerability
Veritas Backup Exec BE Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine...
LangChain vulnerable to code injection
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...
CVE-2023-29374
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...
PYSEC-2023-18
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...
Design/Logic Flaw
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...
CVE-2023-29374
CVE-2023-29374 affects LangChain up to version 0.0.131. The vulnerability lies in the LLMMathChain chain, enabling prompt injection that can execute arbitrary Python code via the built-in exec() method. The NVD/CVE data indicate a high-severity issue (CVSS v3.1: 9.8, CRITICAL) with network attack...
CVE-2023-29374
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...
CVE-2023-29374
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...
VulnCheck KEV: CVE-2021-27877
Veritas Backup Exec BE Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme...
VulnCheck KEV: CVE-2021-27876
Veritas Backup Exec BE Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine...
Sql injection
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. Th...
PT-2023-17098 · Sourcecodester · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue has been found in the system, affecting the exec function of the file admin/operations/approve delete.php. The manipulation of the id argument...
CVE-2023-27593 cilium-agent container can access the host via `hostPath` mount
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...
Authentication Bypass
zoneminder is vulnerable to Authentication Bypass. The vulnerability exists due to the improper permissions check on the snapshot action, which trigger ends up calling shellexec using the supplied Id, allowing an attacker to bypass the authorization mechanism by injecting and executing malicious...
GHSA-6722-XVQ8-3254 SketchSVG Arbitrary Code Injection vulnerability
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...
Command injection
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...
CVE-2021-33949
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function...
CVE-2021-33949
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function...
FeMiner wms 安全漏洞
FeMiner wms is a repository management system for individual developers of Chinese front-end miners FeMiner. A security vulnerability exists in FeMiner wms v1.1 that allows an attacker to execute arbitrary code via the filename parameter and exec function...
SUSE CVE-2000-0573
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command...