793 matches found
GHSA-QXJG-JHGW-QHRV org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection
Impact: Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters. A proof of concept exploit is to log in, add an XWiki.UIExtensionClass xobject to the user profil...
CVE-2023-0089
The webutils in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below...
CVE-2023-0090
The webservices in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all...
Remote code execution
The webutils in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below...
Remote code execution
The webservices in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all...
CVE-2023-0090 Proofpoint Enterprise Protection webservices unauthenticated RCE
The webservices in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all...
CVE-2023-0090
Proofpoint Enterprise Protection (PPS/POD) webservices are affected by CVE-2023-0090: an anonymous user can trigger remote code execution via eval injection, requiring network access to the webservices API (non-default configuration) and impacting all versions 8.20.0 and below. Exploitation detai...
CVE-2023-0089 Proofpoint Enterprise Protection webutils authenticated RCE
The webutils in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below...
CVE-2023-0089
CVE-2023-0089 affects Proofpoint Enterprise Protection (PPS/POD) webutils. An authenticated user can execute remote code through an eval injection vulnerability, impacting all versions ≤ 8.20.0. The issue arises in the webutils component of PPS/POD, enabling high-severity impact (C, I, A: High) a...
Proofpoint Enterprise Protection code injection vulnerability
Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides functionality to protect e-mail. A code injection vulnerability exists in Proofpoint Enterprise Protection PPS/POD version 8.20.0 and prior versions. An attacker can exploit this vulnerability to remotely execute...
Proofpoint Enterprise Protection code injection vulnerability
Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides the ability to protect e-mail. A security vulnerability exists in Proofpoint Enterprise Protection PPS/POD version 8.20.0 and prior versions. An attacker can exploit this vulnerability to remotely execute code via...
PT-2023-16005 · Proofpoint · Proofpoint Enterprise Protection
Name of the Vulnerable Software and Affected Versions: Proofpoint Enterprise Protection PPS/POD versions 8.20.0 and below Description: The webservices in Proofpoint Enterprise Protection contain a vulnerability that allows an anonymous user to execute remote code through 'eval injection'...
XWiki 6.3-milestone-2 < 13.10.11, 14.x < 14.4.7, 14.5.x < 14.10 Eval Injection Vulnerability (GHSA-qxjg-jhgw-qhrv)
Xwiki is prone to an eval injection vulnerability.
XWiki 6.2.4 < 13.10.10, 14.x < 14.4.6, 14.5.x < 14.9 Eval Injection Vulnerability (GHSA-x2qm-r4wx-8gpg)
Xwiki is prone to an eval injection vulnerability.
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Impact: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters formtoken=1&action=create. For instance:...
GHSA-X2QM-R4WX-8GPG org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Impact: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters formtoken=1&action=create. For instance:...
CVE-2023-26477 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters. This has been...