CVE-2015-6089

The Microsoft 1 VBScript and 2 JScript engines, as used in Internet Explorer 8 through 11, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."...

Elasticsearch Sandbox Escape Command Execution (CVE-2015-1427)

A remote command execution RCE vulnerability exists in the Groovy scripting engine in Elasticsearch. The vulnerability is due to certain scripts bypassing the sandbox protection mechanism. A remote attacker can exploit this weakness to execute arbitrary code via a specially crafted request...

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CNVD-2015-06661)

Internet Explorer is a web browser from Microsoft. A security vulnerability exists in the implementation of Internet Explorer 9-11 and other products, VBScript and JScript engines. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service memory...

Information disclosure

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."...

Nmap Scripting Engine Scanner Over HTTP Request

Nmap Scripting Engine is a vulnerability scanning product. Remote attackers can use Nmap Scripting Engine to detect vulnerabilities on a target server...

FreeBSD : elasticsearch -- remote OS command execution via Groovy scripting engine (026759e0-1ba3-11e5-b43d-002590263bf5)

Elastic reports : Vulnerability Summary: Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine that were introduced in 1.3.0. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the...

CVE-2015-1427

CVE-2015-1427 concerns Elasticsearch’s Groovy scripting engine, where dynamic scripting was enabled by default in versions before 1.3.8 (and 1.4.x before 1.4.3). The root cause is a sandbox bypass in the Groovy sandbox that allows remote attackers to execute arbitrary shell commands via a crafted...

elasticsearch -- remote OS command execution via Groovy scripting engine

Elastic reports: Vulnerability Summary: Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine that were introduced in 1.3.0. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the...

MS14-084: Vulnerability in VBScript scripting engine could allow remote code execution: December 9, 2014

Resolves a vulnerability in the VBScript scripting engine in Microsoft Windows that could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.INTRODUCTIONMicrosoft h...

Escapade 0.2.1 Beta Scripting Engine PAGE Parameter Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8574/info Escapade is prone to a path disclosure vulnerability. It is possible to gain access to sensitive path information by issuing a request for an invalid resource, passed as a value for the PAGE parameter to the...

Microsoft IIS 5.0 "Translate: f" Source Disclosure Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/1578/info Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then...

Microsoft IIS 5.0 "Translate: f" Source Disclosure Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/1578/info Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then...

Escapade 0.2.1 Beta Scripting Engine PAGE Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8573/info A cross-site scripting vulnerability has been reported for Escapade. The vulnerability exists due to insufficient sanitization of some user-supplied values. An attacker could exploit this issue to execute...

Web application Advanced Security: IronWASP

Web application Advanced Security: IronWASP IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Thou...

MS14-011: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)

The installed version of the VBScript Scripting Engine has a memory corruption vulnerability due to improper handling of objects in memory. If an attacker can trick a user on the system into viewing or opening malicious content, this issue could be leveraged to execute arbitrary code on the...

OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to...

CVE-2013-3969

Removed by vendor...

OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to...

python-wrapper - Untrusted Search PathCode Execution

python-wrapper - Untrusted Search PathCode Execution python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help'modules'. A non-priviledged user may gain code execution by tricking root...

python-wrapper - Untrusted Search Path/Code Execution

python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help'modules'. A non-priviledged user may gain code execution by tricking root to help'modules' or help and then modules from withi...