879 matches found
PT-2023-1397 · Microsoft · Azure Devops Server
Name of the Vulnerable Software and Affected Versions: Azure DevOps Server affected versions not specified Description: The issue is related to incorrect code generation management in Azure DevOps Server, which can be exploited by a remote attacker to execute arbitrary code. Recommendations: At t...
PT-2023-1537 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to errors in code generation management. It allows a remote attacker to execute arbitrary code. Recommendations: At the moment, there is no informatio...
PT-2023-1514 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to incorrect code generation management in Microsoft Exchange Server. It allows a remote attacker to execute arbitrary code. There is no information...
Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks
The legitimate command-and-control C2 framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver...
Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks
The legitimate command-and-control C2 framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver...
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Impact In Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows in the template to call any global PHP function. Patches The problem has been fixed with 6.4.18.1 with an override of the specified filters until...
PT-2023-7037 · Microsoft +1 · Visual Studio Code +1
Name of the Vulnerable Software and Affected Versions: Visual Studio Code affected versions not specified Description: The issue is related to improper code generation control in Visual Studio Code, allowing an attacker to execute arbitrary code. This can be exploited to gain unauthorized access...
Yii 跨站脚本漏洞
Yii is a component-based, high-performance PHP framework for developing large-scale web applications developed by the YII team. A security vulnerability exists in Yii Yii2 Gii 2.2.4 and earlier versions, which originates from a vulnerability that allows XSS attacks to be stored by injecting the...
PT-2022-5773 · Ami · Megarac
Name of the Vulnerable Software and Affected Versions: MegaRAC affected versions not specified Description: The issue is related to errors in code generation in the AMI MegaRAC Redfish API interface, which can be exploited by a remote attacker to execute arbitrary code by sending a specially...
PT-2022-5497 · Microsoft · Wdac Ole Db Provider For Sql Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft WDAC OLE DB provider for SQL Server affected versions not specified Description: The issue is related to incorrect code generation management in the Microsoft WDAC OLE DB provider for SQL Server. It allows remote attackers to execut...
PT-2022-6359 · Dell Emc · Dell Emc Metro Node
Name of the Vulnerable Software and Affected Versions: Dell EMC Metro node versions prior to 7.1 Description: The issue is related to incorrect code generation management in the system, allowing a remote attacker to execute arbitrary commands. An authenticated nonprivileged attacker could...
Tacitine Firewall EN6200 Command Injection Vulnerability
Tacitine Firewall EN6200 is a series of firewalls from Tacitine. The Tacitine Firewall EN6200 suffers from a command injection vulnerability that stems from improper control of code generation in the web-based management interface of the Tacitine-Firewall. An unauthenticated, remote attacker coul...
CVE-2022-40628
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 inclusive, due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit...
CVE-2022-40628
The CVE-2022-40628 affects Tacitine Firewall EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100, versions 19.1.1–22.20.1. Root cause: improper control of code generation in the web-based management interface, enabling an unauthenticated remote attacker to send a crafted HTTP request and execute arbit...
CVE-2022-35173
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...
CVE-2022-35173
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...
CVE-2022-35173
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...
CVE-2022-35173
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...
CVE-2022-35173
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...
CVE-2022-35173
Affected software: Nginx NJS v0.7.5. Issue: the JUMP offset for a break instruction was not set to the correct offset during code generation, leading to a segmentation fault. Impact: described as a segmentation violation with CVSS v3.1 base score 7.5 ( HIGH ). Exploit details are not provided in ...