1540 matches found
PT-2023-1514 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to incorrect code generation management in Microsoft Exchange Server. It allows a remote attacker to execute arbitrary code. There is no information...
PT-2023-1537 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to errors in code generation management. It allows a remote attacker to execute arbitrary code. Recommendations: At the moment, there is no informatio...
Microsoft Edge browser’s vulnerability, related to improper code generation management, allows attackers to escalate their privileges.
The vulnerability of Microsoft Edge is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially created web page...
Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks
The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver...
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Impact In Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows in the template to call any global PHP function. Patches The problem has been fixed with 6.4.18.1 with an override of the specified filters until...
PT-2023-7037 · Microsoft +1 · Visual Studio Code +1
Name of the Vulnerable Software and Affected Versions: Visual Studio Code affected versions not specified Description: The issue is related to improper code generation control in Visual Studio Code, allowing an attacker to execute arbitrary code. This can be exploited to gain unauthorized access...
The vulnerability of the Dev UI Config Editor component in the Quarkus Java framework, which allows a hacker to execute arbitrary code.
The vulnerability of the Dev UI Config Editor component in the Quarkus Java framework is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Command Line Interface (CLI) of the Microsoft Azure platform, which allows a hacker to execute arbitrary code.
The vulnerability of the Command Line Interface (CLI) of the Microsoft Azure platform is related to improper code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the SPIP content management system, related to improper code generation, allows a hacker to execute arbitrary code.
The vulnerability of the SPIP content management system is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted request...
The vulnerability of the Zoom video conferencing service, related to improper handling of code generation, allows a hacker to execute arbitrary code.
The vulnerability of the Zoom video conferencing service is related to improper handling of code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Yii cross-site scripting vulnerability
Yii is a component-based, high-performance PHP framework for developing large-scale web applications developed by the YII team. A security vulnerability exists in Yii Yii2 Gii 2.2.4 and earlier versions, which originates from a vulnerability that allows XSS attacks to be stored by injecting the...
The vulnerability of the Redfish API interface of the firmware for AMI MegaRAC remote management controllers allows an attacker to execute arbitrary code.
The vulnerability of the API interface of the firmware for AMI MegaRAC controllers is related to errors during code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted HTTP request...
PT-2022-5773 · Ami · Megarac
Name of the Vulnerable Software and Affected Versions: MegaRAC affected versions not specified Description: The issue is related to errors in code generation in the AMI MegaRAC Redfish API interface, which can be exploited by a remote attacker to execute arbitrary code by sending a specially...
The vulnerability of the run_id parameter in the Example Dags function of the Airflow software for data processing tasks allows an attacker to execute arbitrary commands.
The vulnerability of the run_id parameter in the Example Dags function of the Airflow software for data processing scenario creation, monitoring, and orchestration is related to incorrect code generation. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary...
The vulnerability of Websoft HCM’s automation software for HR processes stems from improper code generation management, allowing attackers to execute arbitrary code.
The vulnerability of Websoft HCM’s automation software for HR processes is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code during the generation of HTTP requests...
The vulnerability of the WDAC OLE DB driver for SQL Server on the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the WDAC OLE DB driver for SQL Server on the Windows operating system is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the template function of Underscore, a JavaScript library for working with arrays, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the template function of Underscore, a JavaScript library for working with arrays, is related to incorrect code generation practices. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...