Zapier 安全漏洞

Zapier is a product of Zapier, Inc. that allows end users to integrate the We b applications they use and automate workflows. A security vulnerability exists in versions of Zapier prior to 2022-08-17 that stems from code written to allow in-account privilege escalation. An attacker exploited the...

Code injection

The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

PYSEC-2022-43106

The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

CVE-2022-38885

The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

PT-2022-23189 · Xwiki · Xwiki Platform Wiki Ui Main Wiki

Name of the Vulnerable Software and Affected Versions: XWiki Platform Wiki UI Main Wiki versions 5.3-milestone-2 through 13.10.5 XWiki Platform Wiki UI Main Wiki versions 5.3-milestone-2 through 14.3 Description: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity...

CVE-2022-35871

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from th...

CVE-2022-35871

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from th...

CVE-2022-35871

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from th...

CVE-2022-35871

Inductive Automation Ignition 8.1.15 (b2022030114) is affected by CVE-2022-35871. The flaw is in the authenticateAdSso method, where lack of authentication allows executing Python code, potentially running as SYSTEM. This is a remote-exploitable issue without required authentication. Connected so...

Command Injection:

Description cookiecutter is a command-line utility that creates projects from cookiecutters. Affected versions of this package are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg...

CVE-2022-30885

The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2...

OS Command Injection in cookiecutter

The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...

Command injection

The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...

CVE-2022-24065 Command Injection

The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...

XML Injection in ReportLab

ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

Scalyr Agent 2 Missing SSL Certificate Validation

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName...

Plone Sandbox Bypass

The sandbox whitelisting function allowmodule.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing...

GHSA-9M4G-F42Q-VRRH Plone Sandbox Bypass

The sandbox whitelisting function allowmodule.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing...

Plone Sandbox Bypass

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors...

GHSA-25JH-5H5R-H33M Plone Sandbox Bypass

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors...