Lucene search

149 matches found

Cvelist
added 2023/12/30 12:00 a.m. · 10 views

CVE-2023-52252

Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint...

AI score 10 · EPSS 0.01294
Exploits 1 · References 2
CNNVD
added 2023/12/30 12:00 a.m. · 2 views

Unified Remote Security Vulnerability

Unified Remote is a smartphone application that enables a cell phone to become a wireless universal remote control. A security vulnerability exists in Unified Remote version 3.13.0, which stems from a security issue in the wildcard Access-Control-Allow-Origin for remote upload endpoints, allowing...

CVSS 9.8 · AI score 7.5 · EPSS 0.01294
Exploits 1 · References 3
Positive Technologies
added 2023/12/29 12:00 a.m. · 4 views

PT-2023-31943 · Unknown · Unified Remote

Name of the Vulnerable Software and Affected Versions: Unified Remote version 3.13.0 Description: The issue allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the "Remote upload endpoint". Recommendations: For Unified Remote version 3.13....

CVSS 9.8 · AI score 9.9 · EPSS 0.01294
Exploits 1 · References 8
Prion
added 2023/06/19 4:15 a.m. · 14 views

Design/Logic Flaw

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section...

CVSS 7.5 · AI score 9.4 · EPSS 0.00695
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2023/06/19 12:00 a.m. · 9 views

CVE-2023-35853

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section...

AI score 9.5 · EPSS 0.00695
Exploits 0 · References 3
AlpineLinux
added 2023/06/19 12:00 a.m. · 30 views

CVE-2023-35853

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section...

CVSS 9.8 · AI score 9.6 · EPSS 0.00695
Exploits 0
Veracode
added 2023/02/14 7:12 p.m. · 15 views

Improper Input Validation

freedroidrpg:sid is vulnerable to Improper Input Validation. Save game data, which is composed in 'savestructinternal.c', can be modified to include arbitrary Lua code, which can lead to arbitrary code execution when loading...

CVSS 7.8 · AI score 7.9 · EPSS 0.00363
Exploits 1 · References 3 · Affected Software 1
OpenVAS
added 2022/06/03 12:00 a.m. · 22 views

SUSE: Security Advisory (SUSE-SU-2022:1929-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 6.7 · EPSS 0.01725
Exploits 2 · References 2
OSV
added 2022/06/02 3:34 p.m. · 7 views

SUSE-SU-2022:1929-1 Security update for redis

This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection (bsc#1198952). - CVE-2022-24736: Fixed Lua NULL pointer dereference (bsc#1198953)...

CVSS 7.8 · AI score 6.6 · EPSS 0.01725
Exploits 2 · References 5
OpenVAS
added 2022/05/26 12:00 a.m. · 16 views

SUSE: Security Advisory (SUSE-SU-2022:1842-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 6.7 · EPSS 0.01725
Exploits 2 · References 2
OpenVAS
added 2022/05/26 12:00 a.m. · 17 views

openSUSE: Security Advisory for redis (SUSE-SU-2022:1842-1)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.8 · AI score 6.9 · EPSS 0.01725
Exploits 2 · References 2
OSV
added 2022/05/25 12:35 p.m. · 4 views

SUSE-SU-2022:1842-1 Security update for redis

This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection (bsc#1198952). - CVE-2022-24736: Fixed Lua NULL pointer dereference (bsc#1198953)...

CVSS 7.8 · AI score 6.6 · EPSS 0.01725
Exploits 2 · References 5
Veracode
added 2022/05/05 2:28 a.m. · 48 views

Remote Code Execution (RCE)

redis is vulnerable to remote code execution. The vulnerability exists because users are not properly restricted, which allows an attacker with access to Redis to inject arbitrary Lua code...

CVSS 7.8 · AI score 7.4 · EPSS 0.0168
Exploits 1 · References 16 · Affected Software 1
OSV
added 2022/04/08 6:15 a.m. · 50 views

CVE-2022-28805

singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...

CVSS 9.1 · AI score 2
Exploits 0 · References 7
ATTACKERKB
added 2022/04/08 6:15 a.m. · 2 views

CVE-2022-28805

singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...

CVSS 9.1 · AI score 7.2 · EPSS 0.00176
Exploits 1 · References 10
UbuntuCve
added 2022/04/08 6:15 a.m. · 43 views

CVE-2022-28805

singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...

CVSS 9.1 · AI score 7.1 · EPSS 0.00176
Exploits 1 · References 4
Metasploit
added 2022/03/07 5:42 p.m. · 604 views

APISIX Admin API default access token RCE

Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1 that can be used to access all of the admin API, which leads to remote Lua code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP...

CVSS 9.8 · AI score 8.4 · EPSS 0.94439
Exploits 18
0day.today
added 2022/03/07 12:00 a.m. · 894 views

Apache APISIX Remote Code Execution Exploit

Apache APISIX has a default, built-in API token that can be used to obtain full access to the admin API. Access to this API allows for remote Lua code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP restriction...

CVSS 9.8 · AI score 8.5 · EPSS 0.94439
Exploits 18
Packet Storm
added 2022/03/07 12:00 a.m. · 681 views

Apache APISIX Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'APISIX Admin API default access token RCE', 'Description' = %q Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1...

CVSS 9.8 · EPSS 0.94439
Exploits 18
ATTACKERKB
added 2022/02/11 12:00 a.m. · 95 views

CVE-2022-24112

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...

CVSS 9.8 · AI score 9.6 · EPSS 0.94439
In the wild · Exploits 16 · References 6