404 matches found
CVE-2022-3960 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin...
CVE-2022-43938 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (.prpt) through the JVM script manager...
APKHunt - Comprehensive Static Code Analysis Tool For Android Apps That Is Based On The OWASP MASVS Framework
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their cod...
Froxlor contains Static Code Injection
Static Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10...
GHSA-W7W4-QJGG-372X Froxlor contains Static Code Injection
Static Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10...
PT-2023-16370 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor versions prior to 2.0.10 Description: The issue is related to improper neutralization of input during web page generation, also known as cross-site scripting. This could potentially allow for static code injection. Recommendations: Fo...
Froxlor Cross-Site Scripting Vulnerability
Froxlor is a lightweight server management software from the Froxlor team. A cross-site scripting vulnerability exists in Froxlor versions prior to 2.0.10, which stems from allowing static code injection...
User can continuously accrue rewards they are not due
Lines of code Vulnerability details Impact It is possible that block.timestamp can be manipulated by a user, thus allowing a malicious user to continuously accrue rewards they are not due, as long as the value is not 0 then rewards will be accrued function userAccrueERC20 producerToken, address use...
SQL Injection inside category creation (checkIfCategoryExists)
Description A user with the permission to Add category can abuse this feature to execute his own SQL queries. Proof of Concept Static code analysis The vulnerable php code is : php public function checkIfCategoryExistsarray $categoryData: int $query = sprintf "SELECT name from %sfaqcategories WHE...
Packj - Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages
Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports...
Fedora: Security Advisory for golang-github-shurcool-vfsgen (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the...
LambdaGuard - AWS Serverless Security
AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. LambdaGuard is an AWS Lambda auditing tool designed to create asset...
phpMyAdmin vulnerable to static code injection
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal...
GHSA-P6H7-29R2-G88F phpMyAdmin vulnerable to static code injection
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal...
detekt Code Issue Vulnerability
detekt is a static code analysis tool for the Kotlin programming language. A security vulnerability exists in detekt that stems from an improperly restricted XML external entity reference...
Codecat v0.56 - An Open-Source Tool To Help You Find/Track User Input Sinks And Security Bugs Using Static Code Analysis
CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Current rules for C, C++, Go, Python, JavaScript, Swift, PHP, Ruby, ASP, Kotlin, Dart and Java. You can create your rules. Video: how to install, step by step:...
GHSA-X28W-HVWC-MP75 Static Code Injection in Microweber
Microweber is a new generation CMS with drag and drop. Prior to version 1.3, Microweber is vulnerable to static code injection...
Static Code Injection in Microweber
Microweber is a new generation CMS with drag and drop. Prior to version 1.3, Microweber is vulnerable to static code injection...
Code injection
Static Code Injection in GitHub repository microweber/microweber prior to 1.3...