Lucene search
K

146 matches found

CNNVD
CNNVD
added 2021/12/02 12:0 a.m.5 views

Crafter CMS 安全漏洞

Crafter CMS is an open source content management system CMS for digital experience applications.An expression injection vulnerability exists in Crafter CMS, which stems from the failure of a network system or product to properly filter special elements in code segments constructed from external...

7.2CVSS6.2AI score0.00703EPSS
Exploits0References3
OSV
OSV
added 2021/10/04 8:14 p.m.2 views

GHSA-XPV2-8PPJ-79HH Expression injection in AviatorScript

AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library BCEL...

9.8CVSS6.3AI score0.01874EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2021/10/04 8:14 p.m.85 views

Expression injection in AviatorScript

AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library BCEL...

9.8CVSS5.5AI score0.01874EPSS
Exploits1References3Affected Software1
Hacker One
Hacker One
added 2021/05/13 4:53 p.m.89 views

GitHub Security Lab: [Python] CWE-400: Regular Expression Injection

This bug was reported directly to GitHub Security Lab...

1.5AI score
Exploits0
OSV
OSV
added 2021/02/10 2:31 a.m.26 views

GHSA-29Q4-GXJQ-RX5C Remote Code Execution in SCIMono

Impact It is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system. Patches The issue was fixed on 0.0.19 version...

9.1CVSS6AI score0.09993EPSS
Exploits0References4
Hacker One
Hacker One
added 2021/02/05 6:9 a.m.132 views

FetLife: Stored XSS via Angular Expression injection via Subject while starting conversation with other users.

The reporter pointed out that the Subject field for sending private messages using FetLife's onsite chat was vulnerable to a stored XSS exploit, allowing people to execute potentially malicious contents on the receiving end of the message...

6.4AI score
Exploits0
CNNVD
CNNVD
added 2020/11/24 12:0 a.m.8 views

Apache Unomi 注入漏洞

Apache Unomi is a java open source client data platform that can be used on multiple systems to manage user profiles and the data associated with that profile, Unomi was announced as a top Apache project in 2019. Since Apache Unomi is built as an OSGi application running in Apache Karaf, it is...

9.8CVSS8.1AI score0.68398EPSS
Exploits9References10
CNVD
CNVD
added 2020/11/23 12:0 a.m.7 views

Apache Unomi Remote Code Execution Vulnerability

Apache Unomi is a java open source client data platform that can be used on multiple systems to manage user profiles and the data associated with that profile, Unomi was announced as a top Apache project in 2019. Since Apache Unomi is built as an OSGi application running in Apache Karaf, it is...

9.8CVSS8.2AI score0.68398EPSS
Exploits9References1
OSV
OSV
added 2020/10/19 6:15 p.m.3 views

CVE-2020-7186

A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

8.8CVSS7.8AI score0.03213EPSS
Exploits0References1
OSV
OSV
added 2020/10/19 6:15 p.m.3 views

CVE-2020-7167

A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

9.8CVSS7.8AI score0.06613EPSS
Exploits0References1
OSV
OSV
added 2020/10/19 6:15 p.m.5 views

CVE-2020-7174

A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

8.8CVSS7.8AI score0.03213EPSS
Exploits0References1
OSV
OSV
added 2020/10/19 6:15 p.m.4 views

CVE-2020-7159

A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

9.8CVSS6.3AI score0.06613EPSS
Exploits0References1
Prion
Prion
added 2020/10/19 6:15 p.m.23 views

Remote code execution

A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

9CVSS9AI score0.03213EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/08/20 1:17 a.m.36 views

CVE-2020-15146

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...

9.6CVSS9.6AI score0.02149EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.475 views

VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution

Exploit Title: VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...

8.8CVSS8.8AI score0.211EPSS
Exploits11
Packet Storm
Packet Storm
added 2020/06/02 12:0 a.m.325 views

vCloud Director 9.7.0.15498291 Remote Code Execution

!/usr/bin/python Exploit Title: vCloud Director - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...

6.5CVSS0.4AI score0.211EPSS
Exploits11
Exploit DB
Exploit DB
added 2020/06/02 12:0 a.m.216 views

vCloud Director 9.7.0.15498291 - Remote Code Execution

!/usr/bin/python Exploit Title: vCloud Director - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...

8.8CVSS8.8AI score0.211EPSS
Exploits11
Veracode
Veracode
added 2020/05/18 6:5 a.m.57 views

EL Expression Injection

hibernate-validator is vulnerable to EL Expression Injection. The vulnerability exists as the value of modType in the validation message is improperly evaluated with $...

5.3CVSS2.8AI score0.02294EPSS
Exploits0References11Affected Software272
CNVD
CNVD
added 2019/06/06 12:0 a.m.3 views

HPE Intelligent Management Center (IMC) quickTemplateSelect Expression Language Injection Remote Code Execution Vulnerability

HPE Intelligent Management Center IMC is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security FCAPS model. A quickTemplateSelect expression language injection remote code execution vulnerability exists in HPE...

9CVSS8.6AI score0.0364EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/05/30 12:0 a.m.35 views

Hewlett Packard Enterprise Intelligent Management Center devSoftSel Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

8.8CVSS3AI score0.0364EPSS
Exploits0References1
Rows per page
Query Builder