17 matches found
CVE-2024-45766
Dell OpenManage Enterprise, versions OME 4.1 and prior, contains an Improper Control of Generation of Code 'Code Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution...
RHEL 5 : spamassassin (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spamassassin: command injection via crafted configuration file CVE-2020-1931 - A denial of service...
CVE-2023-45590
An improper control of generation of code 'code injection' in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands by tricking a FortiClientLinux user into visiting a malicious website...
Exploit for Code Injection in Openplcproject Openplc_V3_Firmware
cve-2021-31630 OpenPLC WebServer v3 - Authenticated RCE T...
DS Wireless Communication - Remote Code Execution Exploit
Exploit Title: DS Wireless Communication Remote Code Execution Exploit Author: MikeIsAStar Vendor Homepage: https://www.nintendo.com Version: Unknown Tested on: Wii CVE: CVE-2023-45887 """This code will inject arbitrary code into a client's game. You are fully responsible for all activity that...
Easy SVG Allow <= 1.0 - Author+ Stored XSS via SVG
Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert"xss"; Access the uploaded file directly to trigger the XSS...
Code injection
The Govee Home app has unprotected access to a WebView component which can be opened by any app on the device. By sending a URL to a specially crafted site, the attacker can execute JavaScript in the context of the WebView or steal sensitive user data by displaying phishing content...
Exploit for Code Injection in Gitlab
CVE-2021-22205 This vulnerability arises from Gitlab’s impro...
Code injection
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjsprint at src/mjsbuiltin.c. This vulnerability can lead to a Denial of Service (DoS)...
Code Injection in sofianehamlaoui/lockdoor-framework
✍️ Description Multiple Command injection in infogathering.py file due to lack of sanitization. 🕵️♂️ Proof of Concept Payload : id Video: https://drive.google.com/file/d/1uozVKKHL1LSMvFW7ehX3eIoxsWFLCes1/view?usp=sharing 💥 Impact tools ask for root to run so every command injected will run as root...
Code injection
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...
CVE-2019-3562
A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11...
CVE-2018-9113
Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'script type="text/javascript" src=' line. Fix released on 2018-03-29...
Code injection
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072...
WordPress Welcome Announcement 1.0.5 Cross Site Scripting
Exploit Title: Wordpress Welcome Announcement Cross Site Scripting Exploit Author: bl4ckmohajem Vendor Homepage: https://wordpress.org/plugins/welcome-announcement/ Tested On: Windows7 Software Link: https://downloads.wordpress.org/plugin/welcome-announcement.1.0.5.zip Version: 1.0.5 Vulnerable...
CodoForum 3.3.1 - Multiple SQL Injections
CodoForum 3.3.1: Multiple SQL Injection Vulnerabilities Security Advisory – Curesec Research Team http://blog.curesec.com/article/blog/CodoForum-331-Multiple-SQL-Injection-Vulnerabilities-42.html 1. Introduction Affected Product: CodoForum 3.3.1 Fixed in:...
Windows 7 Pro SP1 64 Fr Beep Shellcode 39 Bytes
Windows Seven Pro SP1 64 Fr Beep Shellcode 39 Bytes. Shellcode exploit for win64 platform include char shellcode = "\x31\xC9" //xor ecx, ecx "\x64\x8B\x71\x30" //mov esi, fs:ecx+0x30 "\x8B\x76\x0C" //mov esi, esi+0x0C "\x8B\x76\x1C" //mov esi, esi+0x1c "\x8B\x06" //mov eax, esi "\x8B\x68\x08" //m...