
110 matches found

OSV
added 2022/09/19 2:15 p.m. · 3 views

CVE-2022-3141

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language via the settings page containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected...

CVSS 8.8 · AI score 5.8 · EPSS 0.03851
Exploits: 5 · References: 3
Snyk
added 2022/09/06 12:52 p.m. · 1 view

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via wordexp function by using backticks, leading to Command Injection. Remediation Upgrade tinygltf to version 2.8.13 or higher. References - Chromium Bugs - GitHub Commit - GitHub Issue Credit: Oliver Chang...

CVSS 8.8 · AI score 8.6 · EPSS 0.02809
Exploits: 1 · References: 2
Github Security Blog
added 2022/05/24 7:20 p.m. · 21 views

Dolibarr remote PHP code execution

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked...

CVSS 9.8 · AI score 7.9 · EPSS 0.03815
Exploits: 3 · References: 5 · Affected Software: 1
ATTACKERKB
added 2022/02/17 10:15 p.m. · 6 views

CVE-2021-46319

Remote Code Execution RCE vulnerability exists in D-Link Router DIR-846 DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands.Th...

CVSS 10 · AI score 8.2 · EPSS 0.06163
Exploits: 1 · References: 3
Prion
added 2021/11/10 11:15 p.m. · 22 views

Code injection

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked...

CVSS 7.5 · AI score 9.8 · EPSS 0.03815
Exploits: 3 · References: 3 · Affected Software: 1
UbuntuCve
added 2021/11/10 11:15 p.m. · 14 views

CVE-2021-33816

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked...

CVSS 9.8 · AI score 7.3 · EPSS 0.03815
Exploits: 3 · References: 3
OSV
added 2021/11/10 11:15 p.m. · 1 view

UBUNTU-CVE-2021-33816

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked...

CVSS 9.8 · AI score 6.2 · EPSS 0.03815
Exploits: 3 · References: 4
CVE
added 2021/11/10 10:37 p.m. · 83 views

CVE-2021-33816

CVE-2021-33816 affects Dolibarr 13.0.2: the website builder module enables remote PHP code execution because the protection mechanism blocks system, exec, and shell_exec but does not block backticks. This is the underlying root cause described across multiple sources (no public remediation detail...

CVSS 9.8 · AI score 9.7 · EPSS 0.03815
Exploits: 3 · References: 3 · Affected Software: 1
Positive Technologies
added 2021/11/10 12:0 a.m. · 3 views

PT-2021-20331 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 13.0.2 Description: The website builder module in Dolibarr allows remote PHP code execution due to an incomplete protection mechanism. Specifically, while system, exec, and shell exec are blocked, backticks are not blocked,...

CVSS 9.8 · AI score 8 · EPSS 0.03815
Exploits: 3 · References: 14
Cvelist
added 2020/07/20 5:20 p.m. · 14 views

CVE-2020-15123 Command injection in codecov (npm package)

In codecov npm package before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...

CVSS 9.3 · AI score 9.6 · EPSS 0.03805
Exploits: 1 · References: 5
Veracode
added 2020/03/20 5:35 a.m. · 26 views

Cross-site Scripting (XSS)

actionview is vulnerable to cross-site scripting XSS. Inadequate sanitization and escaping of special characters such as dollar signs and backticks allows an attacker to inject and execute arbitrary Javascript in a user's browser via the j or javascriptescape helper...

CVSS 4.8 · AI score 5.3 · EPSS 0.01543
Exploits: 1 · References: 8 · Affected Software: 243
Cvelist
added 2019/11/13 10:34 p.m. · 26 views

CVE-2019-5029

An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $ can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker c...

CVSS 9.8 · AI score 9.9 · EPSS 0.5715
Exploits: 2 · References: 1
Exploit DB
added 2019/09/10 12:0 a.m. · 322 views

LibreNMS - Collectd Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS Collectd Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Collectd graphing...

CVSS 7.2 · AI score 7.4 · EPSS 0.80662
Exploits: 5
0day.today
added 2019/09/09 12:0 a.m. · 31 views

LibreNMS Collectd Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqliescaperealstring function, which permits backticks. These parameters are used as part...

CVSS 7.2 · AI score 0.4 · EPSS 0.80662
Exploits: 5
OSV
added 2019/03/15 8:29 p.m. · 6 views

CVE-2018-20106

In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or similar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast...

CVSS 8.1 · AI score 5.8 · EPSS 0.01023
Exploits: 0 · References: 1
Veracode
added 2018/12/21 6:31 a.m. · 14 views

Cross-site Scripting (XSS)

cebe/markdown is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the inconsistent behavior of multiple backticks, causing code to be interpreted incorrectly. Update: This CVE has been disputed as it is not the parser's job to sanitize malicious code from a parsed...

CVSS 6.1 · AI score 5.9 · EPSS 0.00799
Exploits: 1 · References: 3 · Affected Software: 1
ATTACKERKB
added 2018/09/28 8:29 p.m. · 4 views

CVE-2018-9077

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The...

CVSS 9.3 · AI score 5.8 · EPSS 0.01624
Exploits: 0 · References: 2 · Affected Software: 3
OSV
added 2015/12/17 12:0 a.m. · 30 views

DLA-371-1 foomatic-filters - security update

Bulletin has no description...

CVSS 7.5 · AI score 7.2 · EPSS 0.05251
Exploits: 0
OSV
added 2015/12/02 12:0 a.m. · 2 views

UBUNTU-CVE-2015-8327

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via backtick characters in a print job...

CVSS 7.5 · AI score 7.4 · EPSS 0.10171
Exploits: 0 · References: 4
exploitpack
added 2014/08/28 12:0 a.m. · 14 views

ActualAnalyzer Lite 2.81 - Command Execution

ActualAnalyzer Lite 2.81 - Command Execution ActualAnalyzer exploit. Tested on Lite version We load command into a dummy variable as we only have 6 characters to own the eval but load more as first 2 characters get rm'd. We then execute the eval with backticks. 11/05/2011 import urllib import...

AI score 0.1
Exploits: 0