721 matches found
CVE-2023-29453
Templates do not properly consider backticks as JavaScript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to...
Arbitrary Code Injection
pretix is vulnerable to Arbitrary Code Injection. The vulnerability is caused by allowing parsing of EPS (Encapsulated PostScript) files in various features of the application. An attacker can exploit this to execute arbitrary code by sending a specially crafted EPS file...
The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in its improper code generation management, allowing an attacker to execute arbitrary code.
The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to inject arbitrary code into the system...
CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file ...
Webmin Cross-Site Scripting Vulnerability
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version 2.100. An attacker can exploit this vulnerability to inject arbitrary code...
Arbitrary Code Injection
sketchsvg is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to a lack of user input sanitization when calling the shell.exec method, allowing an attacker to inject and execute malicious code into the system...
Arbitrary Code Injection
org.apache.nifi: is vulnerable to Arbitrary Code Injection. The vulnerability exists in several functions which allow an authenticated attacker to submit a malicious request to configure a location that enables custom code execution...
Arbitrary Code Injection
org.apache.rocketmq, rocketmq-namesrv is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the library allows updating the config path at runtime, allowing an attacker to inject and execute malicious code through the update configuration function by forging the RocketMQ...
Arbitrary Code Injection
Apache Ambari is vulnerable to Arbitrary Code Injection. The vulnerability exists in the metrics source which allows an attacker to execute arbitrary code by submitting a malicious SpEL expression...
CVE-2022-42045
Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28...
Zemana Anti Malware Security Vulnerability
Zemana Anti Malware is an anti-malware program from Zemana. A security vulnerability exists in Zemana Anti Malware version 4.1.422, Zemana AntiMalware version 3.2.28, which stems from vulnerability to arbitrary code injection...
CVE-2022-42045
CVE-2022-42045 affects Zemana Watchdog AntiMalware 4.1.422 and Zemana AntiMalware 3.2.28, due to an arbitrary code injection in the amsdk.sys kernel driver. Root cause: an input-driven stub in the driver can be filled with user-controlled code, enabling kernel-mode code execution and potential dr...
Apache RocketMQ 5.1.0 Arbitrary Code Injection Exploit
RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. The Broker component of RocketMQ is leaked on the extranet and lacks permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that...
Apache RocketMQ 5.1.0 Arbitrary Code Injection
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module name: 'Apache RocketMQ update config RCE'. Description: RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. Broker...
Apache RocketMQ update config RCE
RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. The Broker component of RocketMQ is leaked on the extranet and lacks permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that...
Cross site scripting
Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploite...
Arbitrary Code Injection
@backstage/plugin-scaffolder-backend is vulnerable to Arbitrary Code Injection. The vulnerability exists due to sandbox bypass in ScaffolderEntitiesProcessor.js, which allows an attacker with write access to a registered scaffolder template to inject code through the YAML template definition...