
2443 matches found

OSV
added 2024/09/03 10:15 a.m. · 1 view

UBUNTU-CVE-2024-8374

UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the drop_to_buildplate property within 3MF files, which are ZIP archives containing the model data. When...

7.8 CVSS · 6.2 AI score · 0.00133 EPSS
Exploits 0 · References 3

Debian CVE
added 2024/09/03 10:1 a.m. · 10 views

CVE-2024-8374

UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the drop_to_buildplate property within 3MF files, which are ZIP archives containing the model data. When...

7.8 CVSS · 6 AI score · 0.00133 EPSS
Exploits 0

Cvelist
added 2024/09/03 10:1 a.m. · 17 views

CVE-2024-8374 Arbitrary Code Injection in Cura

UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the drop_to_buildplate property within 3MF files, which are ZIP archives containing the model data. When...

7.8 CVSS · 0.00133 EPSS
Exploits 0 · References 1

Metasploit
added 2024/08/28 6:52 p.m. · 162 views

PHP Hex Encoder

This encoder returns a hex string encapsulated in eval(hex2bin()), increasing the size by a bit more than a factor two. Module Options: msf > use encoder/php/hex msf encoder(hex) > show actions ...actions... msf encoder(hex) > set ACTION msf encoder(hex) > show options ...show and set options... msf encoder(hex) > run...

7.1 AI score
Exploits 0

GithubExploit
added 2024/08/27 3:28 p.m. · 252 views

Exploit for Code Injection in Geoserver

GeoExplorer GeoExplorer is a mass scanner project consisting...

9.8 CVSS · 9.7 AI score · 0.94425 EPSS
Exploits 24

NVD
added 2024/08/23 7:15 p.m. · 13 views

CVE-2024-42845

An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file...

8 CVSS · 0.71069 EPSS
Exploits 5 · References 4

OSV
added 2024/08/23 7:15 p.m. · 10 views

CVE-2024-42845

An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file...

8 CVSS · 7.8 AI score · 0.71069 EPSS
Exploits 5 · References 4

Cvelist
added 2024/08/23 12:0 a.m. · 20 views

CVE-2024-42845

An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file...

0.71069 EPSS
Exploits 5 · References 4

CVE
added 2024/08/23 12:0 a.m. · 73 views

CVE-2024-42845

CVE-2024-42845 affects InVesalius 3.1.99991–3.1.99998, where an eval injection in invesalius/reader/dicom.py allows remote code execution by loading a crafted DICOM file. Multiple sources (NVD/NOS, OSV, exploit datasets) corroborate the vulnerability and its exploitation potential, including publ...

8 CVSS · 7.7 AI score · 0.71069 EPSS
Exploits 5 · References 4

Debian CVE
added 2024/08/23 12:0 a.m. · 9 views

CVE-2024-42845

An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file...

8 CVSS · 8.3 AI score · 0.71069 EPSS
Exploits 5

Positive Technologies
added 2024/08/23 12:0 a.m. · 3 views

PT-2024-6443 · Unknown +1 · Invesalius +1

Name of the Vulnerable Software and Affected Versions: InVesalius versions 3.1.99991 through 3.1.99998 Description: The issue is related to an eval Injection vulnerability in the invesalius/reader/dicom.py component, which allows attackers to execute arbitrary code via loading a crafted DICOM fil...

9 CVSS · 8 AI score · 0.71069 EPSS
Exploits 5 · References 25

Vulnrichment
added 2024/08/23 12:0 a.m. · 31 views

CVE-2024-42845

An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file...

8.2 AI score · 0.71069 EPSS
Exploits 5 · References 4

Cvelist
added 2024/08/17 9:22 a.m. · 24 views

CVE-2024-43851 soc: xilinx: rename cpu_number1 to dummy_cpu_number

In the Linux kernel, the following vulnerability has been resolved: soc: xilinx: rename cpu_number1 to dummy_cpu_number The per cpu variable cpu_number1 is passed to xlnx_event_handler as argument "dev_id", but it is not used in this function. So drop the initialization of this variable and rename it to...

0.00048 EPSS
Exploits 0 · References 4

Debian CVE
added 2024/08/17 9:22 a.m. · 18 views

CVE-2024-43851

In the Linux kernel, the following vulnerability has been resolved: soc: xilinx: rename cpu_number1 to dummy_cpu_number The per cpu variable cpu_number1 is passed to xlnx_event_handler as argument "dev_id", but it is not used in this function. So drop the initialization of this variable and rename it to...

5.5 CVSS · 5.7 AI score · 0.00048 EPSS
Exploits 0

Amazon
added 2024/08/15 12:0 a.m. · 2 views

Medium: python-tqdm

Issue Overview: tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version...

4.8 CVSS · 7.8 AI score · 0.00108 EPSS
Exploits 0

Veracode
added 2024/08/05 3:46 a.m. · 14 views

Code Injection

elektra is vulnerable to Code Injection. The vulnerability is due to improper handling of user input in the live search functionality of the Ruby on Rails-based Elektra web application, which allows authenticated users to craft a search term containing Ruby code that flows into an eval call,...

9.6 CVSS · 6.9 AI score · 0.00209 EPSS
Exploits 0 · References 3 · Affected Software 1

GithubExploit
added 2024/08/01 9:22 p.m. · 212 views

Exploit for Code Injection in Geoserver

CVE-2024-36401-PoC This repository contains a Proof of Conce...

9.8 CVSS · 10 AI score · 0.94425 EPSS
Exploits 24

NVD
added 2024/08/01 3:15 p.m. · 11 views

CVE-2024-41961

Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...

9.6 CVSS · 0.00209 EPSS
Exploits 0 · References 3

CVE
added 2024/08/01 2:33 p.m. · 57 views

CVE-2024-41961

Summary of CVE-2024-41961 (Elektra): Elektra, a Ruby on Rails-based OpenStack dashboard, contains a code injection vulnerability in its live search functionality. An authenticated user can provide a search term that includes Ruby code, which flows to an eval sink and can execute arbitrary code. ...

9.6 CVSS · 7.3 AI score · 0.00209 EPSS
Exploits 0 · References 3

OSV
added 2024/08/01 2:33 p.m. · 12 views

CVE-2024-41961 Elektra vulnerable to remote code execution in universal search

Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...

9.6 CVSS · 7.3 AI score · 0.00209 EPSS
Exploits 0 · References 5