CVE-2020-6836

The CVE-2020-6836 entry refers to an arbitrary code injection in the hot-formula-parser package for Node.js, caused by grammar-parser.jison when parsing user-supplied input. Versions prior to 3.0.1 concatenate input into an eval call, enabling an attacker-controlled formula to execute arbitrary c...

CVE-2012-2931

PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers t...

Arbitrary Code Injection

dot is vulnerable to arbitrary code injection. The template function does not sanitize input set on Object.prototype, allowing an attacker who is able to compile templates to inject and execute arbitrary code...

CVE-2019-8227

In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML...

Arbitrary Code Injection

libpcap.so is vulnerable to code injection vulnerability. The attack is possible because it reuses a variable, causing an incorrect handling to check length values and allowing an attacker to inject extra data at the end of a request...

CVE-2019-14252

An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if remove...

The vulnerability of the IcedTea-Web plugin, which stems from insufficient verification of data authenticity, allows a hacker to inject arbitrary code into the JAR file.

The vulnerability of the IcedTea-Web plugin is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a remote attacker to inject arbitrary code into the JAR file...

Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution

import os import inspect import argparse import shutil from shutil import copyfile print"" print"" print"" print"" print"------------------CVE-2019-13623----------------" print"" print"" print"" print"-----------------Ghidra-Exploit-----------------" print"--Tested version: Ghidra Linux version =...

NewStart CGSL CORE 5.05 / MAIN 5.05 : ruby Multiple Vulnerabilities (NS-SA-2019-0084)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ruby packages installed that are affected by multiple vulnerabilities: - An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout...

Important: ruby20, ruby21, ruby24

Issue Overview: An issue was discovered in RubyGems. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.CVE-2019-8322 An issue was discovered in RubyGems. Gem::GemcutterUtilitieswithresponse...

Arbitrary Code Injection

github.com/docker/docker-ce is vulnerable to arbitrary code injection. The vulnerability exists because the nsswitch facility can dynamically load a library inside a chroot...

CVE-2019-13029

Multiple stored Cross-site scripting XSS issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser...

Cross site scripting

Multiple stored Cross-site scripting XSS issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser...

Arbitrary Code Injection in mobile-icon-resizer

mobile-icon-resizer resizes large images for use as icons for iOS and Android. mobile-icon-resizer has a code execution vulnerability in versions before 0.4.3. mobile-icon-resizer takes an options object as an argument to define the resulting icons as such: var options = config: './config.js'...

Arbitrary Code Injection

Overview rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence...

Arbitrary Code Injection

Overview rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Arbitrary Code Injection. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence...

Improper Input Validation And Arbitary Code Injection

The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...

Arbitary Code Injection

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. CVE-2013-5609,...

Arbitrary Code Injection

The Apache HTTP Server is a popular web server. Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitra...