
234 matches found

OSV
added 2023/11/01 10:15 a.m. · 0 views

CVE-2023-1717

Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege...

CVSS 9.6 · AI score 6.2 · EPSS 0.01789
Exploits 1 · References 1
Positive Technologies
added 2023/10/30 12:0 a.m. · 2 views

PT-2023-32374 · WordPress · Ads By Datafeedr.Com

Name of the Vulnerable Software and Affected Versions: Ads by datafeedr.com plugin for WordPress, versions up to and including 1.1.3. Description: The issue allows unauthenticated attackers to execute code on the server via the dfads_ajax_load_ads function. This function has limited parameters th...

CVSS 9.8 · AI score 9.9 · EPSS 0.09348
Exploits 1 · References 6
Positive Technologies
added 2023/10/26 12:0 a.m. · 2 views

PT-2024-24096 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 5.0-rc-1 through 14.10.19; XWiki Platform versions 15.5.3 and earlier; XWiki Platform versions prior to 15.9-rc-1. Description: The issue allows any user with edit rights on any page to execute code on the server by addin...

CVSS 9.9 · AI score 7.6 · EPSS 0.3531
Exploits 1 · References 15
Cvelist
added 2023/10/11 7:56 p.m. · 15 views

CVE-2023-43661 Cachet vulnerable to Authenticated Remote Code Execution

Cachet is the open-source status page system. Prior to the 2.4 branch, the template functionality, which allows users to create templates, lets them execute any code on the server because of poor input filtering and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch...

CVSS 9.1 · AI score 9 · EPSS 0.18169
Exploits 1 · References 2
CNVD
added 2023/09/26 12:0 a.m. · 7 views

pgAdmin Command Execution Vulnerability

pgAdmin is an open source management and development platform for the open source database PostgreSQL. A command execution vulnerability exists in pgAdmin that stems from a failure to properly control the server code executed via this API, which could be exploited by an authenticated attacker to ru...

CVSS 8.8 · AI score 7.2 · EPSS 0.2376
Exploits 0 · References 1
Github Security Blog
added 2023/09/22 3:30 p.m. · 22 views

pgAdmin failed to properly control the server code

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.7 failed to properly control the server code executed on this API, allowing an...

CVSS 8.8 · AI score 7.1 · EPSS 0.2376
Exploits 0 · References 7 · Affected Software 1
Vulnrichment
added 2023/09/22 1:31 p.m. · 18 views

CVE-2023-5002 Pgadmin4: remote code execution by an authenticated user

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...

CVSS 6 · AI score 6.9 · EPSS 0.2376
Exploits 0 · References 4
CNNVD
added 2023/09/22 12:0 a.m. · 1 views

pgAdmin security vulnerability

pgAdmin is an open source management and development platform for the open source database PostgreSQL. A command execution vulnerability exists in pgAdmin that stems from a failure to properly control the server code executed via this API, which could be exploited by an authenticated attacker to ru...

CVSS 8.8 · AI score 7.5 · EPSS 0.2376
Exploits 0 · References 6
ATTACKERKB
added 2023/09/11 9:15 p.m. · 3 views

CVE-2022-1415

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects, usually called gadgets, and achieve code execution on the server...

CVSS 8.8 · AI score 7.1 · EPSS 0.01002
Exploits 0 · References 4
OSV
added 2023/08/17 7:15 p.m. · 20 views

CVE-2023-26469

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server...

CVSS 9.8 · AI score 7.4
Exploits 0 · References 3
Cvelist
added 2023/08/17 12:0 a.m. · 14 views

CVE-2023-26469

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server...

AI score 9.8 · EPSS 0.93017
Exploits 5 · References 3
ATTACKERKB
added 2023/07/07 7:15 p.m. · 1 views

CVE-2023-36994

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code...

CVSS 9.8 · AI score 7.3 · EPSS 0.00149
Exploits 1 · References 2
CNNVD
added 2023/04/19 12:0 a.m. · 1 views

Strapi injection vulnerability

Strapi is an open source content management system (CMS). A security vulnerability exists in Strapi versions prior to 4.5.5, which can be exploited by an attacker to inject into an email template a crafted payload that executes code on the server, thereby bypassing validation checks that are suppos...

CVSS 10 · AI score 7.3 · EPSS 0.91021
Exploits 2 · References 4
OpenVAS
added 2023/03/08 12:0 a.m. · 18 views

Debian: Security Advisory (DLA-156-1)

The remote host is missing an update for the Debian...

CVSS 10 · AI score 7.8 · EPSS 0.90696
Exploits 7 · References 2
SUSE CVE
added 2023/02/15 5:31 a.m. · 2 views

SUSE CVE-2014-0593

The setversion script shipped with obs-service-setversion is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing code execution on the executing server...

CVSS 9.8 · AI score 7.5 · EPSS 0.0047
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:47 a.m. · 3 views

SUSE CVE-2017-7466

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the...

CVSS 8 · AI score 7.8 · EPSS 0.02659
Exploits 0 · References 7
SUSE CVE
added 2023/02/15 4:36 a.m. · 1 views

SUSE CVE-2017-18187

In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity function in library/ssl_srv.c...

CVSS 9.8 · AI score 9.8 · EPSS 0.0275
Exploits 0 · References 3
CNNVD
added 2023/02/01 12:0 a.m. · 2 views

NOSH ChartingSystem code issue vulnerability

NOSH ChartingSystem is an electronic health record system designed for physicians and patients. A security vulnerability exists in NOSH ChartingSystem 4a5cfdb. An attacker can exploit the vulnerability to execute arbitrary PHP code...

CVSS 8.8 · AI score 8.4 · EPSS 0.16677
Exploits 1 · References 5
Positive Technologies
added 2023/01/27 12:0 a.m. · 2 views

PT-2023-12374 · Unknown · Openmage Lts

Name of the Vulnerable Software and Affected Versions: OpenMage LTS versions prior to 19.4.22; OpenMage LTS versions prior to 20.0.19. Description: The issue affects OpenMage LTS, an e-commerce platform. Magento admin users with access to the customer media could execute code on the server...

CVSS 7.2 · AI score 7.1 · EPSS 0.01224
Exploits 0 · References 9
CNNVD
added 2023/01/27 12:0 a.m. · 1 views

OpenMage Magento Lts path traversal vulnerability

OpenMage Magento LTS is an e-commerce system maintained by OpenMage. A path traversal vulnerability exists in OpenMage LTS versions 19.4.22 through 20.0.19; it arises because a Magento administrator user with privileged access to customer media can execute code on the server...

CVSS 7.2 · AI score 7.2 · EPSS 0.01224
Exploits 0 · References 5