33 matches found

CVE
added 2022/10/13 12:0 a.m. · 69 views

CVE-2022-42902

CVE-2022-42902 affects Linaro Automated Validation Architecture (LAVA); in versions prior to 2022.10, lava_server/lavatable.py allows remote code execution due to improper input sanitization, enabling an anonymous user to cause lava-server-gunicorn to run user-provided code. Debian advisories (DL...

8.8 CVSS · 8.7 AI score · 0.0098 EPSS
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2022/10/13 12:0 a.m. · 2 views

PT-2022-26653 · Linaro · Lava

Name of the Vulnerable Software and Affected Versions: Linaro Automated Validation Architecture (LAVA) versions prior to 2022.10. Description: The issue is related to dynamic code execution in lava_server/lavatable.py due to improper input sanitization. This allows an anonymous user to force the...

8.8 CVSS · 8.7 AI score · 0.0098 EPSS
Exploits 1 · References 17
ThreatPost
added 2022/05/10 12:24 a.m. · 24 views

Low-rent RAT Worries Researchers

For about the price of a cup of Starbucks latte, a hacker is renting out a remote access trojan designed to backdoor targeted networks. Dubbed as Dark Crystal RAT or DCRat, the malware is being peddled online to hackers in Russian by a lone rookie malware writer with a penchant for cut-rate...

7.7 AI score
Exploits 0 · References 1
Ivan 'd0znpp' Novikov
added 2021/10/07 2:46 p.m. · 56 views

What is RCE (Remote code execution) attack ❓ Prevention methods

What is Remote Code Execution? Remote Code Execution or execution, also known as Arbitrary Code Execution, is a concept that describes a form of cyberattack in which the attacker can solely command the operation of another person’s computing device or computer. RCE takes place when malicious...

0.3 AI score
Exploits 0
NVD
added 2019/07/29 4:15 p.m. · 6 views

CVE-2019-11201

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...

8.5 CVSS · 8 AI score · 0.00559 EPSS
Exploits 1 · References 1
Kitploit
added 2018/06/18 2:9 p.m. · 200 views

VOOKI - Web Application Vulnerability Scanner

Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that you can easily scan any web application and find the vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section. Vooki – Web Application Scanner can help you to find the...

7 AI score
Exploits 0
appercut
added 2016/06/01 12:0 a.m. · 674 views

LogicalDoc Document Management System CE: source code security analysis report

Several vulnerabilities were discovered in LogicalDOC 'LogicalDoc Document Management System CE' software: User data leakage between sessions; use of XSL transformation to execute arbitrary code; missing verification of the digital signature of executable files obtained from...

8.1 AI score
Exploits 0 · References 1 · Affected Software 1
seebug.org
added 2014/12/27 12:0 a.m. · 22 views

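Fanwe Shopping Share, latest version: front-end code vulnerability

Brief description: One step, two steps, like the devil's footsteps. Details: Vulnerable file: /core/function/global.func.php, as follows: / Display page @param string $cachefile cache path @param bool $issession whether to update the session @param bool $isreturn whether to return the page content @return mixed / function display$cachefile = '',$issession = true,$isreturn = false global $FANWE; $content = NULL;...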

7.1 AI score
Exploits 0
seebug.org
added 2009/04/13 12:0 a.m. · 8 views

AdaptBB 1.0b Multiple Remote Vulnerabilities

No description provided by source. Salvatore "drosophila" Fresta + Application: AdaptBB + Version: 1.0 Beta + Website: http://sourceforge.net/projects/adaptbb/ + Bugs: A Multiple Blind SQL Injection B Multiple Dynamic Code Execution C Arbitrary File Upload + Exploitation: Remote + Date: 09 Apr 20...

7.1 AI score
Exploits 0
Exploit DB
added 2009/04/09 12:0 a.m. · 30 views

adaptbb 1.0b - Multiple Vulnerabilities

Salvatore "drosophila" Fresta + Application: AdaptBB + Version: 1.0 Beta + Website: http://sourceforge.net/projects/adaptbb/ + Bugs: A Multiple Blind SQL Injection B Multiple Dynamic Code Execution C Arbitrary File Upload + Exploitation: Remote + Date: 09 Apr 2009 + Discovered by: Salvatore...

7.4 AI score
Exploits 0
exploitpack
added 2009/04/09 12:0 a.m. · 9 views

adaptbb 1.0b - Multiple Vulnerabilities

adaptbb 1.0b - Multiple Vulnerabilities Salvatore "drosophila" Fresta + Application: AdaptBB + Version: 1.0 Beta + Website: http://sourceforge.net/projects/adaptbb/ + Bugs: A Multiple Blind SQL Injection B Multiple Dynamic Code Execution C Arbitrary File Upload + Exploitation: Remote + Date: 09 A...

0.6 AI score
Exploits 0
0day.today
added 2009/04/09 12:0 a.m. · 13 views

AdaptBB 1.0b Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ============================================ AdaptBB 1.0b Multiple Remote Vulnerabilities ============================================ Salvatore "drosophila" Fresta + Application: AdaptBB + Version: 1.0 Beta + Website:...

7.1 AI score
Exploits 0
OSV
added 2006/01/09 11:3 p.m. · 1 views

DEBIAN-CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP...

7.5 CVSS · 8 AI score · 0.29662 EPSS
Exploits 1 · References 1