146 matches found
Crafter CMS 安全漏洞
Crafter CMS is an open source content management system CMS for digital experience applications.An expression injection vulnerability exists in Crafter CMS, which stems from the failure of a network system or product to properly filter special elements in code segments constructed from external...
GHSA-XPV2-8PPJ-79HH Expression injection in AviatorScript
AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library BCEL...
Expression injection in AviatorScript
AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library BCEL...
GitHub Security Lab: [Python] CWE-400: Regular Expression Injection
This bug was reported directly to GitHub Security Lab...
GHSA-29Q4-GXJQ-RX5C Remote Code Execution in SCIMono
Impact It is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system. Patches The issue was fixed on 0.0.19 version...
FetLife: Stored XSS via Angular Expression injection via Subject while starting conversation with other users.
The reporter pointed out that the Subject field for sending private messages using FetLife's onsite chat was vulnerable to a stored XSS exploit, allowing people to execute potentially malicious contents on the receiving end of the message...
Apache Unomi 注入漏洞
Apache Unomi is a java open source client data platform that can be used on multiple systems to manage user profiles and the data associated with that profile, Unomi was announced as a top Apache project in 2019. Since Apache Unomi is built as an OSGi application running in Apache Karaf, it is...
Apache Unomi Remote Code Execution Vulnerability
Apache Unomi is a java open source client data platform that can be used on multiple systems to manage user profiles and the data associated with that profile, Unomi was announced as a top Apache project in 2019. Since Apache Unomi is built as an OSGi application running in Apache Karaf, it is...
CVE-2020-7186
A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-7167
A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-7174
A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-7159
A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
Remote code execution
A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-15146
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution
Exploit Title: VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...
vCloud Director 9.7.0.15498291 Remote Code Execution
!/usr/bin/python Exploit Title: vCloud Director - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...
vCloud Director 9.7.0.15498291 - Remote Code Execution
!/usr/bin/python Exploit Title: vCloud Director - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...
EL Expression Injection
hibernate-validator is vulnerable to EL Expression Injection. The vulnerability exists as the value of modType in the validation message is improperly evaluated with $...
HPE Intelligent Management Center (IMC) quickTemplateSelect Expression Language Injection Remote Code Execution Vulnerability
HPE Intelligent Management Center IMC is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security FCAPS model. A quickTemplateSelect expression language injection remote code execution vulnerability exists in HPE...
Hewlett Packard Enterprise Intelligent Management Center devSoftSel Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...