Code injection

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution...

CVE-2023-38486

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary...

CVE-2023-38486 Hardware Root of Trust Bypass in 9200 and 9000 Series Controllers and Gateways

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary...

CVE-2023-41601

Multiple cross-site scripting XSS vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...

Arbitrary Code Execution

apparmor is vulnerable to Arbitrary Code Execution. This vulnerability exists due to a flaw in the way AppArmor compiles mount rules. A local attacker can exploit this vulnerability by mounting a specially crafted filesystem, which could lead to arbitrary code execution...

Internet Bug Bounty: [CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements

A DOM-based cross-site scripting vulnerability was discovered in rails-ujs, affecting versions 5.1.0 and above. By pasting malicious HTML content with specific attributes into a contenteditable element, an attacker could execute arbitrary JavaScript on the affected origin. The vulnerability has...

CVE-2023-39709

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section...

Online Travel Agency System Cross-Site Scripting Vulnerability

Online Travel Agency System is an online travel agency system. Online Travel Agency System v1.0 version of a cross-site scripting vulnerability, the vulnerability stems from the insert.php parameter description of the user-supplied data lack of effective filtering and escaping, an attacker can...

ELECOM wireless LAN routers 操作系统命令注入漏洞

ELECOM wireless LAN routers are a series of routers from ELECOM Japan. A security vulnerability exists in ELECOM Wireless LAN Routers that stems from the presence of an operating system command injection vulnerability. An attacker could exploit the vulnerability by sending a specially crafted...

IBM Security Guardium 操作系统命令注入漏洞

IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A command execution vulnerability exists in IBM Security...

CVE-2023-31209 Command injection via active checks and REST API

Improper neutralization of active check command arguments in Checkmk 2.1.0p32, 2.0.0p38, 2.2.0p4 leads to arbitrary command execution for authenticated users...

CVE-2022-48583

A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

CVE-2023-39008

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands...

CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...

CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...

Code injection

User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution...

CVE-2021-39421

A cross-site scripting XSS vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-37289

It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run...

GHSA-P9XF-74XH-MHW5 1Panel command injection vulnerability in Firewall ip functionality

Summary An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Details 1Panel firewall functionality /hosts/firewall/...

ImpressCMS Cross-Site Scripting Vulnerability (CNVD-2023-59104)

ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS v1.4.5 and earlier versions, which stems from the lack of effective filtering and escaping of...