721 matches found
Siemens SIMATIC WinCC Security Vulnerability
SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system. A local code execution vulnerability exists in Siemens SIMATIC WinCC, which can be exploited by an attacker to inject arbitrary code and escalate privileges...
Cross site scripting
Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the URL directly...
CVE-2023-33731
Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the URL directly...
Cross site scripting
Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval...
GHSA-P9XG-9378-CQP7 Cross-site scripting in Liferay Portal
Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, ...
CVE-2023-31703
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the from parameter...
Cross site scripting
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the from parameter...
SUSE SLES15 Security Update : go1.20 (SUSE-SU-2023:2105-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2105-2 advisory. - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service...
Arbitrary Code Injection
shopware/platform and shopware/core are vulnerable to Arbitrary Code Injection. The vulnerability exists in multiple functions of SecurityExtension.php because the inputs are not properly checked, which allows an attacker to inject and execute arbitrary code into the system...
Arbitrary Code Injection
Apache OpenOffice is vulnerable to Arbitrary Code Injection. The vulnerability exists because the Java class path is not properly configured, which allows an attacker to inject and execute arbitrary code...
Arbitrary Code Injection
moodle/moodle is vulnerable to Arbitrary Code Injection. The vulnerability is due to the component parameter in the pix function of mustachepixhelper.php: it renders the component parameter twice, which allows an attacker to inject and execute malicious code into the system...
Denial Of Service (DoS)
firefox is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the memory safety bug in the library, which allows an attacker to cause an application crash through the arbitrary code injection...
Arbitrary Code Injection
emacs is vulnerable to Arbitrary Code Injection. An attacker can inject and execute malicious code through the crafted mailto: URI with unescaped double-quote characters...
SketchSVG Arbitrary Code Injection vulnerability
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...
GHSA-6722-XVQ8-3254 SketchSVG Arbitrary Code Injection vulnerability
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...
Command injection
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...
CVE-2023-26107
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...
CVE-2023-26107
The CVE-2023-26107 entry concerns the SketchSVG package. The vulnerability is an Arbitrary Code Injection flaw caused by calling shell.exec without proper sanitization or parameterization, while the command string concatenates the current directory. Affected software is the sketchsvg package (Nod...