710 matches found
Garden Code Issues Vulnerabilities
Garden is an automation tool for Kubernetes development and testing. Garden has a code issue vulnerability that stems from susceptibility to code injection attacks...
Trellix Endpoint Security Code Injection Vulnerability
Trellix Endpoint Security (ENS) is an endpoint security solution from FireEye USA Trellix. A security vulnerability exists in Trellix Endpoint Security version 10.7.0 prior to April 2023 that originates from allowing local users to disable the ENS AMSI component via an environment variable, resulti...
ForU CMS Code Injection Vulnerability
ForU CMS is an open source website builder from ForU. ForU CMS suffers from a code injection vulnerability, which originates from an unknown section in /install/index.php and results in code injection via the parameter dbnam...
Frauscher Sensortechnik FDS101 v1.4.24 Code Injection Vulnerability
Frauscher Sensortechnik FDS101 is a diagnostic system device from Frauscher. A code injection vulnerability exists in Frauscher Sensortechnik FDS101 v1.4.24, which stems from the presence of a remote code execution (RCE) vulnerability...
Code injection
Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP; however, due to lack of server-side validation, an attacker with local access...
CVE-2023-39016
bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument...
CVE-2023-39017
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that...
CVE-2023-39015
webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader...
BoofCV Code Injection Vulnerability
BoofCV is an open source real-time computer vision library from the individual developer Peter Abeles. A security vulnerability exists in BoofCV version 0.42, which stems from a code injection vulnerability in the component boofcv.io.calibration.CalibrationIO.load...
Wix Embedded MySql Code Injection Vulnerability
Wix Embedded MySql is a Wix Incubator open source based embedded mysql. A security vulnerability exists in Wix Embedded MySql v4.6.1 and earlier versions, which stems from a code injection vulnerability in the component com.wix.mysql.distribution.setup.apply...
PT-2023-26736 · Duke · Duke
Name of the Vulnerable Software and Affected Versions: Duke versions 1.2 and below Description: The issue is related to a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. Recommendations: For Duke versions 1.2 and below, consider disabling the...
PT-2023-6978 · Fsmlabs · Fsmlabs Timekeeper
Name of the Vulnerable Software and Affected Versions: FSMLabs TimeKeeper versions 8.0.17 through 8.0.28 Description: The issue is related to insufficient input validation in the FSMLabs TimeKeeper software. It allows an attacker to intercept requests from various timekeeper streams and find the...
Auto-GPT Code Injection Vulnerability
Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. A code injection vulnerability exists in Auto-GPT versions prior to 0.4.3, which stems from a docker-compose.yml file located in the repository root directory that installs itself into a docker...
SUSE-SU-2023:2637-1 Security update for sccache
This update for sccache fixes the following issues: - CVE-2023-1521: Fixed possible code injection via LD_PRELOAD to sccache server (bsc#1212407). - CVE-2022-31394: Fixed a denial-of-service vulnerability via header list size (bsc#1208553)...
XWiki Platform Code Injection Vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform version 12.9-rc-1 and prior versions, which stems from allowing a logged in user to add dangerous content to the...
Chatwork Code Injection Vulnerability
Chatwork is a business group chat application from Chatwork, Inc. A security vulnerability exists in Chatwork Desktop Application version 2.6.43 and earlier, which stems from a code injection vulnerability that allows a non-administrative user to store and access audio and image data for the...
OpenEMR Code Injection Vulnerability
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A code injection vulnerability previously existed in OpenEMR version 7.0.1. No...
Schneider Electric StruxureWare Data Center Expert Code Injection Vulnerability
Schneider Electric StruxureWare Data Center Expert is a monitoring software from the French company Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and environment. A code injection vulnerability exists i...
Arbitrary Code Injection
vm2 is vulnerable to Code Injection. The vulnerability exists due to lack of exception sanitization in the handleException function which allows an attacker to inject and execute malicious code and break out of the sandboxed environment...
XWiki Commons Code Injection Vulnerability
XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that any user with editing privileges can execute arbitrary Groovy, Python, or Velocity code in XWiki to gain full access to the XWiki...