61 matches found
CVE-2024-28121 Reflex arbitrary method call in stimulus_reflex
stimulusreflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security...
GHSA-F78J-4W3G-4Q65 StimulusReflex arbitrary method call
Summary More methods than expected can be called on reflex instances. Being able to call some of them has security implications. Details To invoke a reflex a websocket message of the following shape is sent: json "target": "classnamemethodname", "args": The server will proceed to instantiate refl...
PT-2024-15732 · 10Web · The Form Maker
Name of the Vulnerable Software and Affected Versions: The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress versions up to, and including, 1.15.21 Description: The issue is due to missing or incorrect nonce validation on the execute function, making it...
Fusion Builder < 3.6.2 - Unauthenticated SSRF
Description The plugin, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network...
CVE-2021-40719
Adobe Connect version 11.2.3 and earlier is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server...
CVE-2021-40719 Adobe Connect Deserialization of Untrusted Data Remote Code Execution
Adobe Connect version 11.2.3 and earlier is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server...
ruby: Code injection via command argument of Shell#test / Shell#[]
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...
CVE-2021-30179
Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...
CVE-2020-5604
Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...
Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of the Java object
Overview Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability that an arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Taichi Kotake of Akatsuki Inc. reported this vulnerability to IPA. JPCERT/CC...
JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object
Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability which may allow arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Impact An arbitrary method of a Java object may be executed by a remote attacker...
Ruby has an unspecified vulnerability
Ruby is a simple and fast object-oriented object-oriented programming scripting language. An unspecified vulnerability exists in Ruby. An attacker can exploit this vulnerability to invoke arbitrary Ruby methods...
DEBIAN-CVE-2019-16255
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...
jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)
A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Node.js third-party modules: [reveal.js] XSS by calling arbitrary method via postMessage
I would like to report XSS in reveal.js It allows gaining access to the victim's account and performing actions on his behalf Module module name: reveal.js version: 3.8.0 npm page: https://www.npmjs.com/package/reveal.js Module Description A framework for easily creating beautiful presentations...
PT-2018-10312 · Openwrt · Openwrt
Name of the Vulnerable Software and Affected Versions: OpenWrt affected versions not specified Description: The issue concerns the mishandling of access control in certain configuration files, potentially allowing remote authenticated users to call arbitrary methods, which could lead to remote...
CVE-2014-8148
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges...
CVE-2014-8148
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges...
UBUNTU-CVE-2014-8148
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges...
Apache Struts 2 vulnerable to an arbitrary Java method execution
Overview Apache Struts 2 contains an arbitrary Java method execution vulnerability. Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is...