
179 matches found

CNNVD
added 2024/06/27 12:0 a.m. · 2 views

vanna Code Injection Vulnerability

Vanna is a personalized AI SQL agent from Vanna. vanna suffers from a code injection vulnerability that stems from a lack of sandboxing for executing LLM-generated code, which allows an attacker to manipulate the exec function in src/vanna/base/base.py, which can be exploited by an attacker to...

9.8 CVSS · 8.9 AI score · 0.00875 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/01/25 12:0 a.m. · 3 views

PT-2024-15889 · Sourcecodester · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue affects the function exec of the file payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated...

9.8 CVSS · 7.5 AI score · 0.00634 EPSS
Exploits: 1 · References: 7
BDU FSTEC
added 2023/11/04 12:0 a.m. · 4 views

The vulnerability of the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) of the ILIAS learning management and support system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the exec function in the execQuoted method of the ilUtil class /Services/Utilities/classes/class.ilUtil.php of the ILIAS training and support management system is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a remote...

9 CVSS · 7.7 AI score · 0.00759 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
ATTACKERKB
added 2023/10/26 3:15 p.m. · 2 views

CVE-2023-45869

ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...

9 CVSS · 6.1 AI score · 0.00759 EPSS
Exploits: 1 · References: 3
NVD
added 2023/10/26 3:15 p.m. · 9 views

CVE-2023-45869

ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...

9 CVSS · 9 AI score · 0.00759 EPSS
Exploits: 1 · References: 2
Prion
added 2023/09/10 12:15 a.m. · 17 views

SQL injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file booking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been...

6.5 CVSS · 9.7 AI score · 0.00649 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Veracode
added 2023/08/17 4:10 a.m. · 31 views

Arbitrary Code Execution

llama-index is vulnerable to Arbitrary Code Execution. The vulnerability exists because of the improper handling of user input in the PandasQueryEngine function of the library, which allows an attacker to inject and execute malicious code due to the usage of the exec function...

9.8 CVSS · 7.3 AI score · 0.01233 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/08/07 12:0 a.m. · 6 views

PT-2024-12816 · Mariadb Foundation +1 · Mariadb +1

Name of the Vulnerable Software and Affected Versions: MariaDB version 10.5 Description: Insecure permissions in the sys exec function of MariaDB allow authenticated attackers to execute arbitrary commands with elevated privileges. This issue is disputed by the MariaDB Foundation because no...

5.7 CVSS · 6.2 AI score · 0.0073 EPSS
Exploits: 1 · References: 27
Packet Storm
added 2023/07/07 12:0 a.m. · 327 views

DaillyTools Remote Command Execution

Title: DaillyTools v1 command execution Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2 32-bit ...

7.1 AI score
Exploits: 0
Positive Technologies
added 2023/05/10 12:0 a.m. · 2 views

PT-2023-20539 · Sourcecodester · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue was found in the system, affecting the exec function of the disapprove delete.php file. The manipulation of the id argument leads to SQL...

9.8 CVSS · 8.3 AI score · 0.00737 EPSS
Exploits: 1 · References: 4
Prion
added 2023/03/23 8:15 a.m. · 14 views

SQL injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. Th...

6.5 CVSS · 9.7 AI score · 0.00822 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2023/03/23 12:0 a.m. · 2 views

PT-2023-17098 · Sourcecodester · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue has been found in the system, affecting the exec function of the file admin/operations/approve delete.php. The manipulation of the id argument...

9.8 CVSS · 7.2 AI score · 0.00822 EPSS
Exploits: 1 · References: 6
OSV
added 2023/02/17 6:15 p.m. · 2 views

CVE-2021-33949

An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function...

9.8 CVSS · 6.1 AI score
Exploits: 0 · References: 1
Vulnrichment
added 2023/02/17 12:0 a.m. · 7 views

CVE-2021-33949

An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function...

9.7 AI score · 0.01045 EPSS
Exploits: 1 · References: 1
CNNVD
added 2023/02/17 12:0 a.m. · 2 views

FeMiner wms Security Vulnerability

FeMiner wms is a repository management system for individual developers of Chinese front-end miners FeMiner. A security vulnerability exists in FeMiner wms v1.1 that allows an attacker to execute arbitrary code via the filename parameter and exec function...

9.8 CVSS · 8.9 AI score · 0.01045 EPSS
Exploits: 1 · References: 2
SUSE CVE
added 2023/02/15 6:5 a.m. · 3 views

SUSE CVE-2008-7002

PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions,...

7.2 CVSS · 6.9 AI score · 0.00832 EPSS
Exploits: 1 · References: 3
BDU FSTEC
added 2023/02/13 12:0 a.m. · 2 views

The vulnerability of the exec() function implementation in D-Link DIR-846 router software allows a hacker to execute arbitrary commands.

The vulnerability of the exec function implementation in D-Link DIR-846 router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system’s command when processing the lan0dhcpsstaticlist parameter. Exploiting this vulnerabilit...

9.1 CVSS · 8.1 AI score · 0.10503 EPSS
Exploits: 4 · References: 8
WPVulnDB
added 2022/12/23 12:0 a.m. · 32 views

User Post Gallery <= 2.19 - Unauthenticated RCE

The plugin does not limit what callback functions can be called by users, making it possible for any visitor to run code on sites running it. PoC: Invoke the following curl command to execute the "id" command via PHP's exec function: curl -i...

9.8 CVSS · 4.9 AI score · 0.42994 EPSS
Exploits: 2 · Affected Software: 1
Veracode
added 2022/08/05 5:12 a.m. · 14 views

Insecure Signature Verification

github.com/sigstore/cosign is vulnerable to insecure signature verification. The vulnerability exists in the Exec function in verifyattestation.go because the library does not properly validate the signature which allows an attacker to gain access to system data and execute malicious code...

9.8 CVSS · 9.2 AI score · 0.0054 EPSS
Exploits: 1 · References: 2 · Affected Software: 2
BDU FSTEC
added 2022/05/20 12:0 a.m. · 3 views

The vulnerability of the exec() function in the ShellJS interpreter allows a malicious actor to gain unauthorized access to protected information, increase privileges, or cause service failures.

The vulnerability of the exec function in the ShellJS interpreter is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information, increase privileges, or cause service failures through specially created...

7.8 CVSS · 7.1 AI score · 0.00427 EPSS
Exploits: 1 · References: 9 · Affected Software: 3