725 matches found
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
Summary The tj-actions/branch-names GitHub Actions references the github.event.pullrequest.head.ref and github.headref context variables within a GitHub Actions run step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name...
CVE-2023-49291 Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The tj-actions/branch-names GitHub Actions improperly references the github.event.pullrequest.head.ref and github.headref context variables within a GitHub Actions run step. The head ref variab...
Arbitrary Code Injection
quartz-jobs is vulnerable to Arbitrary code injection. The vulnerability is due to lack of message validation in the SendQueueMessageJob.execute method, which can lead to remote code execution...
Input validation
Improper input validation in Dolibarr ERP CRM = v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code...
CVE-2023-29453
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
Arbitrary Code Injection
pretix is vulnerable to Arbitrary Code Injection. The vulnerability is caused by allowing parsing of EPS Encapsulated PostScript files in various features of the application. An attacker can exploit this to execute arbitrary code by sending a specially crafted EPS file...
The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in its improper code generation management, allowing an attacker to execute arbitrary code.
The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to inject arbitrary code into the system...
CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting XSS vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file ...
Webmin Cross-Site Scripting Vulnerability
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version 2.100. An attacker can exploit this vulnerability to inject arbitrary code...
Arbitrary Code Injection
sketchsvg is vulnerable to Remote Code Execution RCE. The vulnerability exists due to a lack of user input sanitization in when calling the shell.exec method, allowing an attacker to inject and execute malicious code into the system...
Arbitrary Code Injection
org.apache.nifi: is vulnerable to Arbitrary Code Injection. The vulnerability exists in several functions which allows an authenticated attacker to submit a malicious request to configure a location that enables custom code execution...
Arbitrary Code Injection
org.apache.rocketmq, rocketmq-namesrv is vulnerable to Remote Code Execution RCE. The vulnerability exists because the library allows updating the config path at runtime, allowing an attacker to inject and execute malicious code through the update configuration function by forging the RocketMQ...
Arbitrary Code Injection
Apache Ambari is vulnerable to Arbitrary Code Injection. The vulnerability exists in the metrics source which allows an attacker to execute arbitrary code by submitting a malicious SpEL expression...
CVE-2022-42045
Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28...
CVE-2022-42045
Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28...
CVE-2022-42045
Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28...
CVE-2022-42045
CVE-2022-42045 affects Zemana Watchdog AntiMalware 4.1.422 and Zemana AntiMalware 3.2.28, due to an arbitrary code injection in the amsdk.sys kernel driver. Root cause: an input-driven stub in the driver can be filled with user-controlled code, enabling kernel-mode code execution and potential dr...
Zemana Anti Malware 安全漏洞
Zemana Anti Malware is an anti-malware program from Zemana. A security vulnerability exists in Zemana Anti Malware version 4.1.422, Zemana AntiMalware version 3.2.28, which stems from vulnerability to arbitrary code injection...
CVE-2022-42045
Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28...
Apache RocketMQ 5.1.0 Arbitrary Code Injection Exploit
RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that...