
33 matches found

NVD
added 2023/12/30 6:15 a.m. | 10 views

CVE-2023-52252

Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint...

9.8 CVSS | 0.01294 EPSS
Exploits: 1 | References: 2

Cvelist
added 2023/12/30 12:0 a.m. | 10 views

CVE-2023-52252

Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint...

10 AI score | 0.01294 EPSS
Exploits: 1 | References: 2

CNNVD
added 2023/12/30 12:0 a.m. | 2 views

Unified Remote Security Vulnerability

Unified Remote is a smartphone application that enables a cell phone to become a wireless universal remote control. A security vulnerability exists in Unified Remote version 3.13.0, which stems from a security issue in the wildcard Access-Control-Allow-Origin for remote upload endpoints, allowing...

9.8 CVSS | 7.5 AI score | 0.01294 EPSS
Exploits: 1 | References: 3

Prion
added 2023/06/19 4:15 a.m. | 14 views

Design/Logic Flaw

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section...

7.5 CVSS | 9.4 AI score | 0.00695 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/06/19 12:0 a.m. | 9 views

CVE-2023-35853

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section...

9.5 AI score | 0.00695 EPSS
Exploits: 0 | References: 3

AlpineLinux
added 2023/06/19 12:0 a.m. | 30 views

CVE-2023-35853

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section...

9.8 CVSS | 9.6 AI score | 0.00695 EPSS
Exploits: 0

Metasploit
added 2022/03/07 5:42 p.m. | 604 views

APISIX Admin API default access token RCE

Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1 that can be used to access all of the admin API, which leads to remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP...

9.8 CVSS | 8.4 AI score | 0.94439 EPSS
Exploits: 18

0day.today
added 2022/03/07 12:0 a.m. | 894 views

Apache APISIX Remote Code Execution Exploit

Apache APISIX has a default, built-in API token that can be used to obtain full access to the admin API. Access to this API allows for remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP restriction...

9.8 CVSS | 8.5 AI score | 0.94439 EPSS
Exploits: 18

Packet Storm
added 2020/12/11 12:0 a.m. | 1761 views

Aerospike Database UDF Lua Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Aerospike Database UDF Lua Code Execution', 'Description' = %q Aerospike Database versions before 5.1.0.3 permitted user-defined functions UDF to...

10 CVSS | 0.6 AI score | 0.8995 EPSS
Exploits: 8

Hacker One
added 2019/10/24 6:44 p.m. | 30 views

Mail.ru: Access to Tarantool

An access to admin interface of Tarantool host in development/stage environment was not properly restricted, allowing LUA code execution...

3.9 AI score
Exploits: 0

OSV
added 2019/06/17 8:15 p.m. | 3 views

CVE-2017-9389

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device allows a user to install applications written in the Lua programming language. Also the interfa...

8.8 CVSS | 6 AI score
Exploits: 0 | References: 3

CNVD
added 2018/03/22 12:0 a.m. | 2 views

Yii Arbitrary LUA Code Execution Vulnerability

Yii is a component-based, high-performance PHP framework, developed by the Yii team, for building large-scale Web applications. A security vulnerability exists in version 2.x of Yii before 2.0.15. A remote attacker can exploit this vulnerability to execute arbitrary LUA code...

9.8 CVSS | 7.5 AI score | 0.00911 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2015/08/24 8:17 p.m. | 30 views

Moderate: Red Hat Security Advisory: redis security advisory

Updated redis packages that fix a security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

10 CVSS | 6.8 AI score | 0.08757 EPSS
Exploits: 2 | References: 2