721 matches found

OSV
added 2022/05/14 1:52 a.m. | 4 views

GHSA-GGJM-7M5F-7XJV MantisBT allows XSS via the Manage Filter page

A cross-site scripting (XSS) vulnerability in the Manage Filters page (managefilterpage.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name...

CVSS 5.4 | AI score 6.1 | EPSS 0.00177
Exploits: 0 | References: 5
Github Security Blog
added 2022/05/13 1:24 a.m. | 22 views

Mercurial vulnerable to arbitrary code injection

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...

CVSS 10 | AI score 7.5 | EPSS 0.17249
Exploits: 0 | References: 12 | Affected Software: 1
Veracode
added 2022/05/12 11:22 a.m. | 17 views

Arbitrary Code Execution

XMP Toolkit is vulnerable to arbitrary code injection. The vulnerability exists due to a memory corruption when a victim opens a crafted file which allows an attacker to inject and execute malicious code...

CVSS 5.5 | AI score 8 | EPSS 0.00335
Exploits: 0 | References: 3 | Affected Software: 2
OSV
added 2022/04/06 7:15 p.m. | 3 views

CVE-2022-20763

A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by...

CVSS 8.8 | AI score 6 | EPSS 0.00479
Exploits: 0 | References: 1
Veracode
added 2022/03/22 9:2 a.m. | 21 views

Arbitrary Code Injection

accesslog is vulnerable to arbitrary code injection. The vulnerability exists in the compile function in compile.js due to a lack of input sanitization, which allows an attacker to inject and execute arbitrary JavaScript code...

CVSS 9.8 | AI score 4.1 | EPSS 0.00413
Exploits: 1 | References: 3 | Affected Software: 1
Github Security Blog
added 2022/03/18 12:1 a.m. | 28 views

Code injection in accesslog

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...

CVSS 10 | AI score 4.6 | EPSS 0.00413
Exploits: 1 | References: 4 | Affected Software: 1
CNVD
added 2022/03/18 12:0 a.m. | 24 views

gradio arbitrary code injection vulnerability

gradio is an open source framework. gradio is vulnerable to arbitrary code injection. The vulnerability automatically runs these commands and can be exploited by an attacker to run arbitrary commands on a user's computer...

CVSS 8.8 | AI score 3.8 | EPSS 0.00591
Exploits: 0 | References: 1
OSV
added 2022/03/17 12:15 p.m. | 5 views

CVE-2022-25760

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...

CVSS 9.8 | AI score 6.1 | EPSS 0.00413
Exploits: 1 | References: 2
NVD
added 2022/03/17 12:15 p.m. | 26 views

CVE-2022-25760

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...

CVSS 10 | EPSS 0.00413
Exploits: 1 | References: 2
Snyk
added 2022/03/09 9:45 a.m. | 2 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection where the transformation method or its arguments are untrusted arbitrary input. Note: This vulnerability impacts applications that use Active Storage with the imageprocessing processing in addition to the...

CVSS 9.8 | AI score 7.4 | EPSS 0.0142
Exploits: 0 | References: 2
BDU FSTEC
added 2022/02/18 12:0 a.m. | 1 views

The vulnerability of the FUDforum internet forum, related to the lack of measures taken to protect the website structure, allows a perpetrator to execute arbitrary code.

The vulnerability of the FUDforum internet forum is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to inject arbitrary code during the administrator’s email reading process. This code can then...

CVSS 9 | AI score 5.8
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2022/02/07 12:0 a.m. | 18 views

Rockwell Automation Allen-Bradley PowerMonitor 1000 Improper Neutralization of Input During Web Page Generation (CVE-2018-19615)

Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user's web browser to gain access to the affected device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS 6.1 | AI score 7.1 | EPSS 0.00217
Exploits: 1 | References: 7
Veracode
added 2022/01/11 3:31 p.m. | 21 views

Arbitrary Code Injection

smarty/smarty is vulnerable to arbitrary code injection. The vulnerability exists in the smarty_function_math function of function.math.php because the math strings are not validated, which allows an attacker to send and execute crafted malicious math strings...

CVSS 8.8 | AI score 4.4 | EPSS 0.00643
Exploits: 0 | References: 13 | Affected Software: 3
Atlassian
added 2021/10/21 11:57 a.m. | 155 views

CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher

Issue Summary: Confluence is currently using underscore.js 1.10.2. However, it is affected by CVE-2021-23358. The package underscore from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, is vulnerable to Arbitrary Code Injection via the template function, particularly when a...

CVSS 7.2 | AI score 2.1 | EPSS 0.01413
Exploits: 2
Tenable Nessus
added 2021/09/23 12:0 a.m. | 286 views

Underscore.js 1.3.2 < 1.12.1 Arbitrary Code Injection

According to its self-reported version number, Underscore.js is 1.3.2 prior to 1.12.1 or 1.13.x prior to 1.13.0-2. Therefore, it may be affected by an arbitrary code injection via the template function when the variable option is taken from _.templateSettings. Note that the scanner has not tested...

CVSS 7.2 | AI score 7.9 | EPSS 0.01413
Exploits: 2 | References: 2
Veracode
added 2021/09/22 8:39 a.m. | 15 views

Remote Code Execution (RCE)

@asyncapi/modelina is vulnerable to Arbitrary Code Injection. The vulnerability is due to a lack of proper checking of user supplied input in the TypeScriptGenerator function which allows an attacker to upload and execute malicious code...

CVSS 9.9 | AI score 8.7 | EPSS 0.00473
Exploits: 1 | References: 3 | Affected Software: 1
OpenVAS
added 2021/09/15 12:0 a.m. | 18 views

Huawei EulerOS: Security Advisory for compat-libtiff3 (EulerOS-SA-2021-2360)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 | AI score 7.1 | EPSS 0.00354
Exploits: 0 | References: 2
IBM Security Bulletins
added 2021/07/30 5:0 a.m. | 66 views

Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access Docker container

Summary: Multiple vulnerabilities have been fixed in the IBM Security Verify Access Docker container. Vulnerability Details: CVEID: CVE-2021-20523 DESCRIPTION: IBM Security Access Manager Docker could allow a remote attacker to obtain sensitive information when a detailed technical error message is...

CVSS 9.8 | AI score 0.7 | EPSS 0.0154
Exploits: 3 | Affected Software: 1
Tenable Nessus
added 2021/07/09 12:0 a.m. | 31 views

Cisco Integrated Management Controller Command Injection (cisco-sa-CIMC-CIV-pKDBe9x5)

According to its self-reported version, Cisco Integrated Management Controller (IMC) is affected by a vulnerability in the web UI that allows an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due ...

CVSS 9 | AI score 8.6 | EPSS 0.01911
Exploits: 0 | References: 4
Snyk
added 2021/06/28 1:50 p.m. | 1 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the novel's title name or author name. Remediation: Upgrade narou to version 3.8.0 or higher. References: GitHub Additional Information, GitHub Commit, Ryotak Advisory...

CVSS 9.8 | AI score 7.4 | EPSS 0.00513
Exploits: 0 | References: 2