710 matches found
XWiki Platform Code Injection Vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform that originates from the ability of any user to execute arbitrary Groovy, Python or Velocity code in XWiki...
Input validation
Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names. This issue affects OTRS: from 7.0...
CVE-2023-1482 HkCms External Plugin code injection
A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack...
SAP BusinessObjects Business Intelligence Platform Code Injection (3245526)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is affected by a code injection vulnerability. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number...
CVE-2023-25616 Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)
In some scenario, SAP Business Objects Business Intelligence Platform CMC - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. Successful attack could highly impact th...
Exploit for Code Injection in Phpunit_Project Phpunit
MASS CVE-2017-9841 Usage sh apt install python...
Debian: Security Advisory (DLA-562-1)
The remote host is missing an update for the Debian...
Baicells EG7035-M11 Command Injection Vulnerability
The Baicells EG7035-M11 is an LTE Outdoor CPE from Baicells USA. A security vulnerability exists in the Baicells EG7035-M11 BCE-ODU-1.0.8 version and prior versions, which stems from vulnerability to improper code injection via HTTP GET commands...
MarkText Code Injection Vulnerability
MarkText is a simple and elegant open source Markdown editor focused on speed and usability. A code injection vulnerability exists in MarkText version 0.17.1 and earlier versions. An attacker can exploit this vulnerability to inject arbitrary code...
Dell EMC NetWorker Code Injection Vulnerability
Dell EMC NetWorker is a suite of unified backup and recovery software from Dell USA. The software provides backup and recovery, deduplication elimination, backup reporting, and other features. A code injection vulnerability exists in Dell EMC NetWorker. An unauthenticated, remote attacker can sen...
CVE-2022-34456
Dell EMC Metro node, Versions prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application...
PT-2023-16152 · Pypi +1 · Js2Py +1
Name of the Vulnerable Software and Affected Versions: pyload/pyload versions prior to 0.5.0b3.dev31. Description: The issue concerns a code injection vulnerability in the pyload/pyload GitHub repository. It allows for pre-authentication remote code execution (RCE) due to the integration of JavaScri...
CVE-2023-0297
PyLoad 0.5.0 pre-auth RCE (CVE-2023-0297) via code injection in js2py exposed by the flash/addcrypted2 endpoint. Exploitation is unauthenticated and can be triggered by sending crafted requests to /flash/addcrypted2, enabling remote code execution on affected systems. Multiple connected sources c...
CVE-2022-3713
A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA...
CVE-2022-41223
The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type...
CVE-2022-3721 Code Injection in froxlor/froxlor
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39...
CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan
kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...
Metasploit Wrap-Up
Spring Cloud Gateway RCE: This week, a new module that exploits a code injection vulnerability in Spring Cloud Gateway (CVE-2022-22947) has been added by @Ayantaker. Versions 3.1.0 and 3.0.0 to 3.0.6 are vulnerable if the Gateway Actuator endpoint is enabled, exposed and unsecured. The module sends ...
CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older...
GLPI Injection Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...