Lucene search

214 matches found

CNVD
added 2020/04/08 12:0 a.m. · 1 views

SQL Injection Vulnerability in Jeecg-Boot of Beijing Guo Torch Information Technology Co.

Jeecg-Boot is a rapid development platform based on a code generator. Jeecg-Boot has a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive information from a database...

7.9 AI score
Exploits 0

CNVD
added 2020/03/04 12:0 a.m. · 1 views

Unauthorized Access Vulnerability in Jeecg-Boot

Jeecg-Boot is a rapid development platform based on a code generator. Jeecg-Boot suffers from an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive system information...

7 AI score
Exploits 0

Veracode
added 2019/05/06 8:30 a.m. · 9 views

Insecure Default Configuration

graphql-code-generator contains an insecure default configuration. SSL certificate verification was disabled by default, allowing man-in-the-middle (MitM) attacks...

6.6 AI score
Exploits 0

Node.js
added 2019/05/03 6:45 p.m. · 16 views

Insecure Default Configuration

Overview: Versions of graphql-code-generator prior to 0.18.2 have an Insecure Default Configuration. The package sets NODE_TLS_REJECT_UNAUTHORIZED to 0, disabling certificate verification for the entire project. This results in Insecure Communication for the process. Recommendation: Upgrade to versio...

6.8 AI score
Exploits 0 · Affected Software 1

0day.today
added 2018/06/06 12:0 a.m. · 37 views

Pagekit < 1.0.13 - Cross-Site Scripting Code Generator Exploit

Exploit for php platform in category web applications. Title: Pagekit...

5.2 AI score · 0.00952 EPSS
Exploits 4

Exploit DB
added 2018/06/05 12:0 a.m. · 25 views

Pagekit < 1.0.13 - Cross-Site Scripting Code Generator

Title: Pagekit... Author: DEEPIN2Junseo Lee...

7.4 AI score
Exploits 0

exploitpack
added 2018/06/05 12:0 a.m. · 19 views

Pagekit 1.0.13 - Cross-Site Scripting Code Generator

Pagekit 1.0.13 - Cross-Site Scripting Code Generator. Title: Pagekit...

7 AI score
Exploits 0

Packet Storm
added 2018/06/05 12:0 a.m. · 30 views

Pagekit Cross Site Scripting Code Generator

Title: Pagekit... Author: DEEPIN2Junseo Lee...

5.2 AI score · 0.00952 EPSS
Exploits 4

Veracode
added 2017/11/15 6:57 a.m. · 8 views

Arbitrary Code Execution

swagger-parser is susceptible to arbitrary code execution attacks. Neither the readYamlTree nor the readYamlValue function of swagger-parser uses a safe parsing method, allowing malicious YAML files from untrusted remote sources to be parsed by the application. All the online code...

8.8 CVSS · 8.9 AI score · 0.00463 EPSS
Exploits 0 · References 5 · Affected Software 2

OSV
added 2017/08/13 1:17 p.m. · 7 views

MGASA-2017-0257 Updated php-phpmailer packages fix security vulnerability

It was discovered that php-phpmailer has an XSS vulnerability in the "From Email Address" and "To Email Address" fields of codegenerator.php (CVE-2017-11503)...

6.1 CVSS · 5.9 AI score · 0.0294 EPSS
Exploits 1 · References 3

Friends Of PHP
added 2017/07/26 6:2 p.m. · 33 views

XSS vulnerability in code example

SECURITY Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it is not normally executable unless it is explicitly renamed, so it is safe by default. There...

6.1 CVSS · 6.2 AI score · 0.0294 EPSS
Exploits 1 · Affected Software 1

Veracode
added 2017/07/21 5:57 a.m. · 33 views

Cross-Site Scripting (XSS)

phpMailer is vulnerable to cross-site scripting (XSS) attacks. The attacks exist because it does not properly sanitize the user-supplied input to the "From Email Address" and "To Email Address" fields of codegenerator.php...

6.1 CVSS · 5.9 AI score · 0.0294 EPSS
Exploits 1 · References 2 · Affected Software 1

NVD
added 2017/07/20 11:29 p.m. · 21 views

CVE-2017-11503

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...

6.1 CVSS · 6 AI score · 0.0294 EPSS
Exploits 1 · References 6

OSV
added 2017/07/20 11:29 p.m. · 1 views

DEBIAN-CVE-2017-11503

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...

6.1 CVSS · 6.2 AI score · 0.0294 EPSS
Exploits 1 · References 1

Cvelist
added 2017/07/20 11:0 p.m. · 39 views

CVE-2017-11503

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...

6.2 AI score · 0.0294 EPSS
Exploits 1 · References 4

Positive Technologies
added 2017/07/20 12:0 a.m. · 7 views

PT-2017-12058 · Php +2 · Phpmailer +2

Name of the Vulnerable Software and Affected Versions: PHPMailer version 5.2.23. Description: The issue is an XSS in the "From Email Address" and "To Email Address" fields of the codegenerator.php file. Recommendations: For PHPMailer version 5.2.23, consider...

9.8 CVSS · 6.8 AI score · 0.94418 EPSS
Exploits 67 · References 67

RedHat Linux
added 2017/02/28 8:19 a.m. · 5 views

OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)

It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

9 CVSS · 7.8 AI score · 0.7287 EPSS
Exploits 4 · References 4

Hacker One
added 2017/01/29 11:2 a.m. · 14 views

shopify-scripts: Segmentfault at mrb_vm_exec

@ssarong discovered an integer overflow in MRuby's code generator, which resulted in a crash. The issue was reported upstream in https://github.com/mruby/mruby/issues/3426 and fixed in https://github.com/mruby/mruby/commit/6e0ba0085d22b7751c46b178e841046483f0f6b4...

1.1 AI score
Exploits 0

CNVD
added 2017/01/03 12:0 a.m. · 2 views

WordPress plugin esponce-qr-code-generator cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin esponce-qr-code-generator, which, due to improper filteri...

6.5 AI score
Exploits 0

n0where
added 2016/12/27 5:52 a.m. · 30 views

Fuzzer for Individual Method Parameters: RamFuzz

RamFuzz is a fuzzer for individual method parameters in unit tests. A unit test can use RamFuzz to generate random parameter values for methods under test. The values are logged, and the log can be replayed to repeat the exact same test scenario. But RamFuz...

7.6 AI score
Exploits 0 · References 7