966 matches found
HackerOne: Internal machine learning API endpoint for CWE classification is vulnerable to path traversal
Vulnerability description not provided...
PT-2023-22295 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11; XWiki Platform versions prior to 14.4.8; XWiki Platform versions prior to 14.10.1; XWiki Platform versions prior to 15.0-rc-1. Description: The issue allows any user with edit rights on a page to execute...
XWiki Platform injection vulnerability
XWiki Platform is a suite of Wiki platforms for creating collaborative web applications from the French company XWiki. XWiki Platform suffers from an injection vulnerability, which stems from improper escaping of Invitation.InvitationCommon, that allows any user with view privileges to execute...
CVE-2023-29211 org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on WikiManager.DeleteWiki can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the wiki...
XWiki Commons code injection vulnerability
XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that any user with editing privileges can execute arbitrary Groovy, Python, or Velocity code in XWiki to gain full access to the XWiki...
XWiki Platform code injection vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform that originates from the ability of any user to execute arbitrary Groovy, Python or Velocity code in XWiki...
Sysax Multi Server 6.95 - (Password) Denial of Service Exploit
Exploit Title: Sysax Multi Server 6.95 - 'Password' Denial of Service PoC | Discovery by: Luis Martinez | Vendor Homepage: https://www.sysax.com/ | Software Link: https://www.sysax.com/download/sysaxservsetup.msi | Tested Version: 6.95 | Vulnerability Type: Denial of Service (DoS) Local | Tested on OS: Windows...
PT-2023-21155 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11; XWiki Platform versions prior to 14.4.7; XWiki Platform versions prior to 14.10-rc-1. Description: The issue allows any user with view rights to execute arbitrary Groovy, Python, or Velocity code in...
SUSE CVE-2007-1253
Eval injection vulnerability in the (a) kmzImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file...
SUSE CVE-2008-6954
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
MAL-2023-2124 Malicious code in python-inance (PyPI)
Source: checkmarx c0001fcdc94573a491859eca78992119ed328ccaecbcb75088ffeee57a08153d Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MP3 Convert Lord V1.0 Local Seh Exploit
Exploit Title: MP3 Convert Lord V1.0 Local Seh Exploit | Date: 06.01.2023 | Vendor Homepage: http://www.avlord.com/ | Software Link: https://www.softpedia.com/dyn-postdownload.php/baa965c6b5d22d62987a4638f33d5ec1/63b86eb2/3ecb/4/2 | Exploit Author: Achilles | Tested Version: 1.0 | Tested on: Windows 7 x64 | 1....
Design/Logic Flaw
Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file th...
CVE-2022-42268
Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file th...
CVE-2022-42268
The CVE-2022-42268 issue affects NVIDIA Omniverse Kit components (Audio2Face, Create, Isaac Sim, View, Code, Machinima). A vulnerability allows executable Python code embedded in USD files to run with the user’s privileges when opened, enabling information disclosure, data tampering, and denial o...
ChatGPT-Written Malware
I don't know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums--some with little or no coding experience--were using it to write software and emails that could be used fo...
Security Bulletin: NVIDIA Omniverse Kit - January 2023
NVIDIA has released a software update for NVIDIA Omniverse™ Kit to address a security issue that may lead to code execution, information disclosure, data tampering, and denial of service. To protect your system, open the Omniverse Launcher and apply the appropriate update. Go to NVIDIA Product...
GoGo CD Ripper V1.4.9 Denial of Service Exploit
Exploit Title: GoGo CD Ripper V1.4.9 Denial of Service Exploit | Date: 30.12.2022 | Vendor Homepage: https://cd-mp3.org/ | Software Link: https://download.cnet.com/Gogo-CD-To-MP3-Ripper/3001-21404-10330843.ht | Exploit Author: Achilles | Tested Version: v1.4.9 | Tested on: Windows 7 x64 | 1.- Run python code...
What’s My Name Again? Reolink camera command injection
TL;DR Research on Reolink’s RLC-520A smart motion detection camera has turned up an authenticated command injection vulnerability. Exploiting this vulnerability with an injected system command can render the device useless. Introduction The camera is vulnerable to an authenticated command injecti...