1440 matches found

Prion
added 2024/01/30 4:15 p.m. | 15 views

Code injection

HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute it within the context of the running user...

CVSS 6.5 | AI score 8 | EPSS 0.00402
Exploits: 0 | References: 1 | Affected Software: 1

UbuntuCve
added 2024/01/26 5:15 a.m. | 29 views

CVE-2023-38318

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

CVSS 9.8 | AI score 7.4 | EPSS 0.01096
Exploits: 1 | References: 2

OSV
added 2024/01/24 8:54 p.m. | 27 views

GHSA-CWX6-4WMF-C6XV SQL Injection in Admin download files as zip

Summary: The application allows creating zip files from available files on the site. The parameter "selectedIds" is susceptible to SQL injection. Details: downloadAsZipJobsAction escapes parameters, but downloadAsZipAddFilesAction does not. The following code should be added: foreach $selectedIds as...

CVSS 8.8 | AI score 9.2 | EPSS 0.00755
Exploits: 1 | References: 7

NVD
added 2024/01/23 10:15 a.m. | 13 views

CVE-2024-23348

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote...

CVSS 8.8 | AI score 8.5 | EPSS 0.0069
Exploits: 0 | References: 2

Veracode
added 2024/01/23 7:32 a.m. | 17 views

Sandbox Escape

de.tum.in.ase, artemis-java-test-sandbox is vulnerable to Sandbox Escape. The vulnerability is due to allowing users to create whitelisted class packages in the SecurityManager. An attacker can exploit this to include class files in a package that Ares trusts, leading to arbitrary Java code...

CVSS 8.2 | AI score 7.3 | EPSS 0.0035
Exploits: 1 | References: 6 | Affected Software: 1

Prion
added 2024/01/23 1:15 a.m. | 17 views

Code injection

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3. Processing web content may lead to arbitrary code execution...

CVSS 6.8 | AI score 7.3 | EPSS 0.00852
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/01/19 9:30 p.m. | 15 views

GHSA-C4PG-5GGH-VCPP Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-98hq-4wmw-98w9. This link is maintained to preserve external references. Original Description: Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted...

CVSS 8.2 | AI score 8 | EPSS 0.00344
Exploits: 1 | References: 5

OSV
added 2024/01/19 9:15 p.m. | 16 views

CVE-2024-23683

Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...

CVSS 8.2 | AI score 8.5
Exploits: 0 | References: 6

NVD
added 2024/01/19 9:15 p.m. | 11 views

CVE-2024-23681

Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...

CVSS 8.2 | AI score 8.6 | EPSS 0.00344
Exploits: 1 | References: 3

Prion
added 2024/01/19 9:15 p.m. | 16 views

Code injection

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...

CVSS 4.1 | AI score 7.8 | EPSS 0.0035
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2024/01/19 8:51 p.m. | 19 views

CVE-2024-23681 Artemis Java Test Sandbox Library Load Escape

Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...

AI score 8.4 | EPSS 0.00344
Exploits: 1 | References: 3

CNNVD
added 2024/01/19 12:0 a.m. | 3 views

Artemis Java Test Sandbox Security Vulnerability

Artemis Java Test Sandbox is a JUnit 5 extension for the Applied Software Engineering TUM program at the Technical University of Munich, Germany. A security vulnerability exists in Artemis Java Test Sandbox versions prior to 1.11.2. An attacker can exploit this vulnerability to execute arbitrary...

CVSS 8.2 | AI score 7.2 | EPSS 0.00344
Exploits: 1 | References: 5

CNNVD
added 2024/01/10 12:0 a.m. | 5 views

Teledyne FLIR AX8 Command Injection Vulnerability

Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. The Teledyne FLIR AX8 suffers from a command injection vulnerability that stems from an arbitrary command execution vulnerability in the value parameter of the /usr/www/res.php page...

CVSS 9.8 | AI score 7.8 | EPSS 0.31097
Exploits: 1 | References: 3

Prion
added 2024/01/09 2:15 p.m. | 13 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field...

CVSS 4.9 | AI score 5.7 | EPSS 0.00355
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2024/01/08 3:15 p.m. | 5 views

CVE-2023-35961

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression...

CVSS 7.8 | AI score 8.1
Exploits: 0 | References: 3

OSV
added 2024/01/08 3:15 p.m. | 1 views

DEBIAN-CVE-2023-35962

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression...

CVSS 7.8 | AI score 7.7 | EPSS 0.01481
Exploits: 1 | References: 1

OSV
added 2024/01/08 3:15 p.m. | 3 views

CVE-2023-35959

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns .ghw...

CVSS 7.8 | AI score 8.1
Exploits: 0 | References: 3

OSV
added 2024/01/08 3:15 p.m. | 2 views

DEBIAN-CVE-2023-35959

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns .ghw...

CVSS 7.8 | AI score 7.7 | EPSS 0.01481
Exploits: 1 | References: 1

Prion
added 2024/01/08 3:15 p.m. | 20 views

Command injection

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns legacy...

CVSS 4.4 | AI score 7.8 | EPSS 0.01481
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2024/01/08 2:47 p.m. | 40 views

CVE-2023-35960

GTKWave 3.3.115 contains multiple OS command injection vulnerabilities in its legacy decompression path (vcd_main). A specially crafted VCD/wave file can lead to arbitrary code execution when opened by a user; local access is required and UI interaction is needed. The issue is documented across m...

CVSS 7.8 | AI score 7.9 | EPSS 0.01481
Exploits: 1 | References: 3 | Affected Software: 1