Arbitrary Code Execution
js-yaml is vulnerable to arbitrary code execution. The vulnerability exists through use of the unsafe load function, which allows attackers to inject arbitrary code via a malicious YAML file using objects that have toString as key, JavaScript code as value and are used as explicit mapping keys...
Wifi-soft's Unibox Controllers Remote Command Injection Vulnerability (CNVD-2019-00771)
Wifi-soft's Unibox Controllers are fast-paced network controllers for all large and small venues. A remote code injection vulnerability exists in Wifi-soft's Unibox Controllers. An attacker can exploit the vulnerability to inject arbitrary code...
The vulnerability of the Web Isolation software lies in its inability to protect the structure of web pages. This allows attackers to inject arbitrary code into the loaded web pages.
The vulnerability of the software for preventing web threats exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor, operating remotely, to inject arbitrary code into the loaded web page using a specially crafted URI...
The vulnerability of the Wizard component in the firmware of the RICOH Aficio MP multifunctional device allows an attacker to inject arbitrary code into the protected web page.
The vulnerability of the Wizard component file /web/entry/en/address/adrsSetUserWizard.cgi of the RICOH Aficio MP multifunctional device exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into...
The vulnerability in the web interface for controlling Cisco Registered Envelope Service allows an attacker to inject arbitrary code into the web page being loaded.
The vulnerability of the web interface for managing security information transmitted by the Cisco Registered Envelope Service is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the...
The vulnerability of the web server used by the Cisco Prime Service Catalog management tool allows an attacker to inject arbitrary code into the web page being loaded.
The vulnerability of the Cisco Prime Service Catalog management server relates to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the web page via a specially crafted link...
The vulnerability of the Microsoft Dynamics 365 resource planning software lies in the insufficient protection of the website structure, allowing a hacker to inject arbitrary code into the web pages that users are allowed to download.
The vulnerability of the Microsoft Dynamics 365 resource planning software application is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the web pages uploaded to users, thereby gaining access to...
CVE-2018-17783
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name...
CVE-2018-17904
Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code...
CVE-2018-17904
Geovap Reliance 4 SCADA/HMI is vulnerable to cross-site scripting (CWE-79) in the web interface. Affected: Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and earlier. Description in ICS-CERT confirms an unauthenticated remote attacker can inject arbitrary JavaScript via HTTP, potentially impacting ...
GHSA-CGQV-X5CX-XVQH Arbitrary Code Injection in pouchdb
Affected versions of pouchdb do not properly sandbox the code execution engine which executes the map/reduce functions for temporary views and design documents. Under certain circumstances, an attacker could use this to run arbitrary code on the server. Recommendation: Update to version 6.0.5 or...
Adobe Systems - Arbitrary Code Injection Vulnerability
Document Title: Adobe Systems - Arbitrary Code Injection Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2120. PSIRT ID: 7873. Vulnerability Magazine:...
Adobe Systems Main lead DBMS Arbitrary Code Injection
Document Title: Adobe Systems - Arbitrary Code Injection Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2120. PSIRT ID: 7873. Vulnerability Magazine:...
GHSA-4662-J96G-MV46 Arbitrary Code Injection in reduce-css-calc
Affected versions of reduce-css-calc pass input directly to eval. If user input is passed into the calc function, this may result in cross-site scripting on the browser, or remote code execution on the server. Proof of Concept: const reduceCSSCalc = require('reduce-css-calc');...
CVE-2016-10548
Arbitrary code execution is possible in the reduce-css-calc node module <=1.2.4 through crafted CSS. This makes cross-site scripting (XSS) possible on the client and arbitrary code injection possible on the server when user input is passed to the calc function...
CVE-2016-10546
An arbitrary code injection vector was found in PouchDB 6.0.4 and earlier via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands...
CVE-2018-8972
Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...
Regular Expression Denial Of Service (ReDoS)
aws-lambda-multipart-parser is vulnerable to regular expression denial of service (ReDoS) attacks. These attacks are possible through a multipart/form-data boundary string and allow attackers to inject and execute arbitrary code...
SA155: Multiple ASG and ProxySG Vulnerabilities
Summary: The Symantec ASG and ProxySG management consoles are susceptible to multiple vulnerabilities. A remote attacker can, under certain circumstances, obtain sensitive authentication credential information, redirect target users to malicious sites, and inject arbitrary JavaScript code into the...