1059 matches found
CVE-2022-48584
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...
CVE-2022-48584
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...
CVE-2022-48584
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...
CVE-2022-48584
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...
WordPress Convert Pro Plugin <= 1.7.5 is vulnerable to Broken Access Control
Software Convert Pro Type Plugin Vulnerable versions = 1.7.5 Fixed in 1.7.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-36684 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a39b0cc59883 Credits Rafie Muhammad Patchstack...
PyPDF2 安全漏洞
PyPDF2 is a free open source pure python PDF library . Able to split, merge, crop and convert pages of a PDF file . pypdf version 2.10.6 before the existence of a security vulnerability , the vulnerability stems from the existence of an infinite loop , will block the process...
packet.DestinationChannel IS CHECKED AGAINST THE WhitelistedChannels, BUT packet.SourceChannel SHOULD BE CHECKED INSTEAD, AS PER THE PROTOCOL DESIGN REQUIREMENTS
Lines of code Vulnerability details Impact In the ibccallbacks.OnRecvPacket function, the Source Channel of the transferred packet is required to be checked against the WhitelistedChannels of the module. If the Source Channel of the packet is not in the WhitelistedChannels list then the auto swap...
Malicious Package
Overview ng-filter-convert is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
PT-2023-24434 · Sitecore · Sitecore Experience Platform
Name of the Vulnerable Software and Affected Versions: Sitecore Experience Platform XP version 9.3 Description: The issue is related to an authenticated remote code execution via the /Applications/Content Manager/Execute.aspx component, specifically when the cmd parameter is set to convert and th...
The vulnerability of the Convert To Pipeline plugin, related to the manipulation of cross-site requests, allows a hacker to execute arbitrary code.
The vulnerability of the Convert To Pipeline plugin is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page, from a remote location...
The vulnerability of the Freestyle Project Configuration Handler component of the Convert To Pipeline Plugin allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Freestyle Project Configuration Handler component of the Convert To Pipeline Plugin is related to improper code generation management. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility ...
ImageMagick 7.1.0-49 - DoS
Exploit Title: ImageMagick 7.1.0-49 - DoS Author: nu11secur1ty Date: 02.07.2023 Vendor: https://imagemagick.org/ Software: https://imagemagick.en.uptodown.com/windows/download/82953605 Reference: https://portswigger.net/daily-swig/denial-of-service CVE-ID: CVE-2022-44267 Description: ImageMagick...
OSV-2023-272 Heap-buffer-overflow in unsigned long simdutf::haswell::convert_masked_utf8_to_utf16<
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57632 Crash type: Heap-buffer-overflow WRITE Crash state: unsigned long simdutf::haswell::convertmaskedutf8toutf16 simdutf::haswell::implementation::convertutf8toutf16le roundtrip.cc...
GHSA-7C44-M589-36W7 Jenkins Convert To Pipeline Plugin vulnerable to command injection
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations. This allows attackers able to configure Freestyle projects to prepare a crafted...
GHSA-48G9-H7G5-8PW2 Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery
Convert To Pipeline Plugin 1.0 and earlier does not require POST requests for the HTTP endpoint converting a Freestyle project to Pipeline, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to create a Pipeline based on a Freestyle project. Combined...
Jenkins Convert To Pipeline Plugin vulnerable to command injection
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations. This allows attackers able to configure Freestyle projects to prepare a crafted...
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery
Convert To Pipeline Plugin 1.0 and earlier does not require POST requests for the HTTP endpoint converting a Freestyle project to Pipeline, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to create a Pipeline based on a Freestyle project. Combined...
CVE-2023-28677
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...
CVE-2023-28676
A cross-site request forgery CSRF vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution RCE...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution RCE...