721 matches found
Cross site scripting
A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code...
Cross Site Scripting (XSS)
grizzly-http-server-core is vulnerable to cross-site scripting (XSS). This issue affects the error page and allows an attacker to inject arbitrary code...
Arbitrary Code Injection
Symfony is vulnerable to arbitrary code injection attacks. A malicious user can inject and execute arbitrary PHP code with a language="php" attribute of a SCRIPT element through the Symfony\Component\HttpKernel\HttpCache class. This vulnerability only affects applications with ESI or SSI support...
The vulnerability of the Android operating system’s Mediaserver service allows a hacker to cause memory corruption during the use of media files or other data.
The vulnerability of the Android operating system’s Mediaserver service arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to inject arbitrary code using a specially created file, which can cause memory corruption duri...
CVE-2017-6973
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (admconfigreport.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2...
CVE-2017-7241
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (moveattachmentspage.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, an...
Arbitrary Code Injection
AFNetworking is vulnerable to arbitrary code injection. It uses a hard-coded multipart form data boundary, potentially allowing an attacker to inject and execute malicious code...
IBM Security Access Manager Arbitrary Code Injection Vulnerability
IBM Security Access Manager is a security access manager from IBM USA. A security vulnerability exists in IBM Security Access Manager. An attacker can exploit the vulnerability to inject arbitrary JavaScript script code, causing credential disclosure in a trusted session...
The vulnerability of the man utility function in the Linux operating system, which allows a hacker to inject arbitrary code.
The vulnerability of the man utility function in the Linux operating system is related to incorrect string handling. Exploiting this vulnerability allows a local attacker to inject arbitrary code through a specially created application...
Allows an attacker to inject arbitrary code into your application via any secondary Gem source declared in your Gemfile
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a Gem name collision on a secondary source. Please note that this vulnerability only applies for Ruby projects using Bundler 2.0 with Gemfiles having 2 or more "source" lines. In other words, ...
Arbitrary Code Injection
Overview: Affected versions of reduce-css-calc pass input directly to eval. If user input is passed into the calc function, this may result in cross-site scripting on the browser, or remote code execution on the server. Proof of Concept: const reduceCSSCalc = require('reduce-css-calc');...
Arbitrary Code Injection
Overview: Affected versions of pouchdb do not properly sandbox the code execution engine which executes the map/reduce functions for temporary views and design documents. Under certain circumstances, an attacker could use this to run arbitrary code on the server. Recommendation: Update to version...
ownCloud Desktop Client 2.2.2 Privilege Escalation
Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client. Metadata: Release Date: 17-08-2016. Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc). Affected versions: up to ownCloud's Desktop client version...
SAP HANA DB Arbitrary Code Injection Vulnerability
SAP HANA DB is an in-memory, row- and column-based database from SAP. The database provides fast queries against multidimensional data, filtering out cluttered and useless data, and synchronizing the execution of multiple queries. An arbitrary code injection vulnerability exists in SAP HANA DB. A...
The vulnerability of the software system for managing enterprise assets in IBM Maximo Asset Management allows a hacker to inject arbitrary Web or HTML code.
The vulnerability of the software system for managing enterprise assets in IBM Maximo Asset Management exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially crafted U...
The vulnerability of the microprogramming software of Cisco RV130W, Cisco RV215W, and Cisco RV110W allows a hacker to inject arbitrary Web or HTML code.
The vulnerability of the web interface configuration of microprogramming software for Cisco RV130W, Cisco RV215W, and Cisco RV110W exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or...
Swagger Vulnerability Leads to Arbitrary Code Injection
An unexpected behavior in a relatively new and popular open source API framework called Swagger could lead to code execution, researchers at Rapid7 said. The company today disclosed some details on the vulnerability, and released a Metasploit exploit module and a proposed patch written by...
Trend Micro Titanium Security 8.x < 8.0.2063 / 10.x < 10.0.1265 Multiple Vulnerabilities
The version of the Trend Micro Titanium Security product installed on the remote host is 8.x prior to 8.0.2063 or 10.x prior to 10.0.1265. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in the /LocalHelp/loader script due to improper...
CVE-2015-8606
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm...
The vulnerability of the Moodle learning management system allows a hacker to inject arbitrary Web or HTML code.
The vulnerability of the group/overview.php function in the Moodle learning management system exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using modified descriptions ...