CVE-2023-46243 Code execution via the edit action in XWiki platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to execute any content with the right of an existing document's content author, provided the user has edit right on it. A crafted URL of the form...
CVE-2016-6521
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors...
Grails console CSRF vulnerability
Grails is a set of open source frameworks for rapid Web application development. It is based on the Groovy programming language, built on top of Spring, Hibernate and other open source frameworks, and is a highly productive one-stop framework. Grails has a security vulnerability, an attack ca...
Mulesoft ESB Runtime 3.5.1 Privilege Escalation / Code Execution Vulnerabilities
Mulesoft ESB Runtime version 3.5.1 suffers from an authenticated privilege escalation vulnerability that can lead to remote code execution. Mulesoft ESB Runtime 3.5.1 Authenticated Privilege Escalation → Remote Code Execution: Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to...
Jenkins Accessible without Credentials
The remote web server hosts Jenkins, a job scheduling / management system and a drop-in replacement for Hudson. By allowing unauthenticated access to the application, anyone may be able to configure Jenkins and jobs, and perform builds. Additionally, this script checks for unauthenticated access ...