XWiki < 4.10.20 - Remote code execution

XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...

Journyx 11.5.4 Authenticated Remote Code Execution Vulnerability

Journyx version 11.5.4 has an issue where attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. Title: Journyx Authenticated Remote Code Execution Advisory ID: KL-001-2024-008 Publication Date: 2024.08.07 Publication URL:...

Journyx 11.5.4 Authenticated Remote Code Execution

KL-001-2024-008: Journyx Authenticated Remote Code Execution Title: Journyx Authenticated Remote Code Execution Advisory ID: KL-001-2024-008 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt 1. Vulnerability Details Affected Vendor: Journ...

Journyx Authenticated Remote Code Execution

Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-94: Improper Control of Generation of Code 'Code Injection', CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval...

Hitachi Energy MACH SCM (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.9 ATTENTION : Exploitable remotely Vendor : Hitachi Energy Equipment : MACH SCM Vulnerabilities : Improper Control of Generation of Code, Improper Neutralization of Directives in Dynamically Evaluated Code 2. RISK EVALUATION Successful exploitation of...

Design/Logic Flaw

PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method. that can...

CVE-2018-1999022

PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method. that can...

CVE-2018-1999022

PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method. that can...

CVE-2018-1999022

PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method. that can...

CVE-2018-1999022

PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method. that can...

CVE-2018-1999022

The CVE-2018-1999022 entry concerns PEAR HTML_QuickForm version 3.2.14, where an eval injection vulnerability exists in multiple methods (getSubmitValue, validate, hierselect _setOptions, element _findValue, element _prepareValue). The described exploit could lead to information disclosure, data ...

CVE-2018-1999022

PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method. that can...

Important: Red Hat Security Advisory: rh-ruby22-ruby security, bug fix, and enhancement update

An update for rh-ruby22-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

The use of Python code implementing the Web application of the injection-vulnerability warning-the black bar safety net

Vulnerability overview If your Web application exists in the Python code injection vulnerability, the attacker can use your Web applications to your back-end server of the Python parser to send malicious Python code. This also means that if you can on the target server execute Python code, you ca...

Foreman (Red Hat OpenStack/Satellite) bookmarks/create Code Injection

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4...

Foreman (Red Hat OpenStack/Satellite) bookmarks/create Code Injection

This module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier. This module requires Metasploit: https://metasploit.com/download Current source:...

One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.

PMASA-2012-5 Announcement-ID: PMASA-2012-5 Date: 2012-09-25 Updated: 2012-09-26 Summary One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor. Description One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a...