19 matches found
EUVD-2014-2588
Malware in sbrugna...
EUVD-2019-9424
Malware in sbrugna...
EUVD-2022-15611
Malicious code in bioql PyPI...
CVE-2019-19826
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...
SUSE CVE-2014-2553
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...
CVE-2022-0473
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions...
CVE-2022-0473
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions...
CVE-2019-19826
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...
CVE-2019-19826
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...
Arbitrary file deletion
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...
CVE-2019-19826
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...
CVE-2019-19826
The CVE refers to Drupal’s Views Dynamic Fields module (7.x-1.0-alpha4). It insecurely unserializes data in handlers/views_handler_filter_dynamic_fields.inc, enabling PHP object injection via a field_names object and an Archive_Tar object, with file deletion as an example. This could lead to code...
Views Dynamic Fields Code Issue Vulnerability
Drupal is the Drupal community of a set of open source content management system developed using the PHP language . Views Dynamic Fields is used in one of the field filtering display module . A code issue vulnerability exists in Drupal Views Dynamic Fields 7.x-1.0-alpha4 and earlier versions for...
CVE-2014-2553
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...
DEBIAN-CVE-2014-2553
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...
CVE-2014-2553
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...
Cross site scripting
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...
CVE-2014-2553
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...
CVE-2014-2553
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...