Lucene search
+L

255 matches found

prion
prion
added 2021/02/01 3:15 p.m.29 views

Remote code execution

angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compileuserControlledInput" where "userControlledInput" is tex...

6.5CVSS8.8AI score0.0273EPSS
Exploits0References4Affected Software1
github
github
added 2021/02/01 3:1 p.m.69 views

Angular Expressions - Remote Code Execution

Impact The vulnerability, reported by GoSecure Inc, allows Remote Code Execution, if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. This time, the security of the package could be bypassed by using a more complex payload, using a...

8.8CVSS2.9AI score0.0273EPSS
Exploits0References6Affected Software1
packetstorm
packetstorm
added 2020/11/27 12:0 a.m.633 views

WordPress Age Gate 2.13.4 Open Redirect

Exploit Title: URL Redirection to Untrusted Site 'Open Redirect' Age Gate Wordpress Plugin = 2.13.4 Date: 11/27/2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://agegate.io/ Software Link: https://wordpress.org/plugins/age-gate/ Version: = 2.13.4 Tested on: Latest Version of Deskto...

7AI score
Exploits0
osv
osv
added 2020/09/11 9:18 p.m.8 views

GHSA-8FW4-XH83-3J6Q Cross-Site Scripting in diagram-js

Versions of diagram-js prior to 3.3.1 for 3.x and 2.6.2 for 2.x are vulnerable to Cross-Site Scripting. The package fails to escape output of user-controlled input in search-pad, allowing attackers to execute arbitrary JavaScript. Recommendation If you are using diagram-js 3.x, upgrade to version...

7.7AI score
Exploits0References4
osv
osv
added 2020/09/11 9:18 p.m.105 views

GHSA-P82G-2XPP-M5R3 Cross-Site Scripting in dojo

Versions of dojo prior to 1.2.0 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize HTML code in user-controlled input, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.2.0 or later...

5.4CVSS6AI score0.02224EPSS
Exploits0References9
github
github
added 2020/05/06 7:32 p.m.80 views

Command Injection in hot-formula-parser

Versions of hot-formula-parser prior to 3.0.1 are vulnerable to Command Injection. The package fails to sanitize values passed to the parse function and concatenates it in an eval call. If a value of the formula is supplied by user-controlled input it may allow attackers to run arbitrary commands...

9.8CVSS4.9AI score0.02148EPSS
Exploits0References6Affected Software1
osv
osv
added 2020/05/06 7:32 p.m.24 views

GHSA-RC77-XXQ6-4MFF Command Injection in hot-formula-parser

Versions of hot-formula-parser prior to 3.0.1 are vulnerable to Command Injection. The package fails to sanitize values passed to the parse function and concatenates it in an eval call. If a value of the formula is supplied by user-controlled input it may allow attackers to run arbitrary commands...

9.8CVSS9.7AI score0.02148EPSS
Exploits0References6
cvelist
cvelist
added 2020/04/27 9:6 p.m.26 views

CVE-2020-7609

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON" can be controlled by users without any sanitization...

9.7AI score0.01596EPSS
Exploits1References2
nvd
nvd
added 2020/03/15 10:15 p.m.18 views

CVE-2020-7602

node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand" is called by "getDevices" function in file "linux/manager.js", which is required by the "index. process.env.NMCLI" in the file "linux/manager.js". This function is used to construct the argument of function...

9.8CVSS9.5AI score0.02555EPSS
Exploits1References1
nvd
nvd
added 2020/03/11 2:15 p.m.15 views

CVE-2020-5203

In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input e.g., $REQUEST, $GET, or $POST to the framework's Clear method...

9.8CVSS9.7AI score0.02137EPSS
Exploits0References2
cvelist
cvelist
added 2020/03/11 1:28 p.m.21 views

CVE-2020-5203

In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input e.g., $REQUEST, $GET, or $POST to the framework's Clear method...

9.8AI score0.02137EPSS
Exploits0References2
cve
cve
added 2020/03/11 1:28 p.m.70 views

CVE-2020-5203

CVE-2020-5203 affects Fat-Free Framework 3.7.1. The vulnerability allows arbitrary code execution when developers pass user-controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework’s Clear method. This is a remote, high-severity issue with reported CVSS scores indicating critical imp...

9.8CVSS9.7AI score0.02137EPSS
Exploits0References2Affected Software1
zdt
zdt
added 2020/01/30 12:0 a.m.200 views

OpenSMTPD 6.6.2 - Remote Code Execution Exploit

Exploit Title: OpenSMTPD 6.6.2 - Remote Code Execution Exploit Author: 1F98D Original Author: Qualys Security Advisory Vendor Homepage: https://www.opensmtpd.org/ Software Link: https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.1p1 Version: OpenSMTPD '.formatsys.argv0 print"E.g. 127.0.0.1 2...

10CVSS0.1AI score0.98946EPSS
Exploits27
exploitdb
exploitdb
added 2020/01/30 12:0 a.m.367 views

OpenSMTPD 6.6.1 - Remote Code Execution

Exploit Title: OpenSMTPD 6.6.1 - Remote Code Execution Date: 2020-01-29 Exploit Author: 1F98D Original Author: Qualys Security Advisory Vendor Homepage: https://www.opensmtpd.org/ Software Link: https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.1p1 Version: OpenSMTPD '.formatsys.argv0...

10CVSS9.7AI score0.98946EPSS
Exploits27
veracode
veracode
added 2020/01/28 6:52 a.m.14 views

Remote Code Execution

angular-expressions is vulnerable to remote code execution. An attacker to execute arbitrary Javascript expressions on the system when the function compile is called with user-controlled input...

8.8CVSS3.9AI score0.02393EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2020/01/11 1:15 a.m.30 views

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...

9.8CVSS9.8AI score0.02148EPSS
Exploits0References3
osv
osv
added 2020/01/11 1:15 a.m.20 views

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...

9.8CVSS7.7AI score
Exploits0References3
prion
prion
added 2019/10/30 12:15 a.m.15 views

Input validation

An insecure direct object reference IDOR vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled...

4CVSS6.2AI score0.01881EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2019/10/10 10:50 p.m.30 views

CVE-2016-8620

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...

7.5CVSS5.4AI score0.04413EPSS
Exploits0References2
nvd
nvd
added 2019/07/25 2:15 p.m.11 views

CVE-2019-1010161

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in decodejws. The attack vector is: network connectivitycrafting user-controlled input to bypass authentication. The fixed...

9.8CVSS9.6AI score0.01103EPSS
Exploits0References1
Rows per page
Query Builder