Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2022-29078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is...

9.8CVSS7AI score0.32386EPSS
Exploits6References3
GithubExploit
GithubExploit
added 2025/01/07 10:7 p.m.200 views

Exploit for Code Injection in Ejs

CVE-2022-29078 Simple PoC for CVE-2022-29078 vuln ej...

9.8CVSS7.2AI score0.32386EPSS
Exploits6
GithubExploit
GithubExploit
added 2024/11/05 6:15 a.m.1847 views

Exploit for Code Injection in Ejs

THM Challenge: SSTI RCE...

9.8CVSS7.3AI score0.32386EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.35 views

RHEL 8 : pcs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ejs: server-side template injection in outputFunctionName CVE-2022-29078 - The package handlebars before...

9.8CVSS8.9AI score0.32386EPSS
Exploits11References10
Tenable Nessus
Tenable Nessus
added 2022/09/02 12:0 a.m.61 views

IBM Cognos Analytics Multiple Vulnerabilities (6616285)

The version of IBM Cognos Analytics installed on the remote host is affected by multiple vulnerabilities, including the following: - The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed ...

9.8CVSS6.9AI score0.32386EPSS
Exploits16References22
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/11 10:34 a.m.38 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to ejs [CVE-2022-29078]

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to ejs CVE-2022-29078 with details below Vulnerability Details CVEID:CVE-2022-29078 DESCRIPTION: Node.js ejs module could allow a remote attacker to execute arbitrary code on the system, caused b...

9.8CVSS9.9AI score0.32386EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/11 8:58 a.m.59 views

Security Bulletin: IBM Integration Bus is vulnerable to arbitrary code execution due to Node.js ejs module (CVE-2022-29078)

Summary IBM Integration Bus is vulnerable to arbitrary code execution due to Node.js ejs module. Mitigation steps to disable node.js have been recommended. CVE-2022-29078 Vulnerability Details CVEID: CVE-2022-29078 DESCRIPTION: Node.js ejs module could allow a remote attacker to execute arbitrary...

9.8CVSS2.9AI score0.32386EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/31 10:29 p.m.49 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to code injection due to CVE-2022-29078

Summary Node.js module ejs is used by IBM App Connect Enterprise Certified Container for JavaScript templating. All IBM App Connect Enterprise Certified Container DesignerAuthoring operands, and IntegrationServer operands that run Designer flows may be vulnerable to code injection. This bulletin...

9.8CVSS7.1AI score0.32386EPSS
Exploits6Affected Software1
RedhatCVE
RedhatCVE
added 2022/04/26 7:23 a.m.205 views

CVE-2022-29078

A Command injection attack was found in ejs Embedded JavaScript templates for Node.js, which allows an attacker to execute server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary ...

9.8CVSS4.7AI score0.32386EPSS
Exploits6References4
Circl
Circl
added 2022/04/25 6:36 p.m.35 views

CVE-2022-29078

creationtimestamp| type| source ---|---|--- 2022-04-25 18:36:10+00:00| seen| https://t.me/cibsecurity/41385 2022-07-19 10:13:43+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/6378 2022-07-19 12:12:47+00:00| published-proof-of-concept|...

9.8CVSS6.7AI score0.32386EPSS
In wildExploits6References10
NVD
NVD
added 2022/04/25 3:15 p.m.22 views

CVE-2022-29078

The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...

9.8CVSS0.32386EPSS
Exploits6References3
Cvelist
Cvelist
added 2022/04/25 2:13 p.m.40 views

CVE-2022-29078

The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...

9.9AI score0.32386EPSS
Exploits6References3
Rows per page
Query Builder