60 matches found
net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input
A flaw was found in Net::IMAP before 0.4.24, 0.5.14, and 0.6.4. Several commands accept raw string arguments sent to the server without validation or escaping; if derived from user-controlled input, CRLF sequences allow injection of arbitrary IMAP commands...
Cross-site Scripting (XSS)
Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the tomarkdown function. An attacker can inject arbitrary HTML content by supplying specially crafted input that includes HTML-significant characters...
EUVD-2020-28695
Malware in sbrugna...
EUVD-2019-0297
Malware in sbrugna...
EUVD-2017-15996
Malware in sbrugna...
EUVD-2021-1888
Malware in sbrugna...
EUVD-2015-8481
Malware in sbrugna...
EUVD-2021-10779
Malware in sbrugna...
EUVD-2005-1362
Malware in sbrugna...
EUVD-2020-19367
Malware in sbrugna...
EUVD-2014-4755
Malware in sbrugna...
EUVD-2008-1259
Malware in sbrugna...
EUVD-2024-46200
Malicious code in bioql PyPI...
EUVD-2024-22188
Malicious code in bioql PyPI...
Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfigincludes is vulnerable to directory traversal leading to same scenarios as...
cri-o: Arbitrary command injection via pod annotation
A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system...
cri-o: Arbitrary command injection via pod annotation
A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system...
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246RocketMQRCEEXP CVE-2023-33246 RocketMQ Remote...
CVE-2023-29400
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
CVE-2023-29007
A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...