CVE-2022-27133

zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php...

Sql injection

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php...

Arbitrary file deletion

zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php...

CVE-2022-27462

Cross Site Scripting XSS vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php...

CVE-2022-1120

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration...

UBUNTU-CVE-2022-1120

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration...

PT-2022-13670 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 14.7.7 GitLab CE/EE versions 14.8 prior to 14.8.5 GitLab CE/EE versions 14.9 prior to 14.9.2 Description: The issue concerns missing filtering in an error message, which exposes sensitive information when an...

Command Injection

asciidoctor-include-ext is vulnerable to Command Injection. The library renders user-supplied input in AsciiDoc markup, which allows an attacker to execute arbitrary system commands on the host operating system when the allow-uri-read is disabled...

CVE-2022-24803

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

DEBIAN-CVE-2022-24803

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

Design/Logic Flaw

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

CVE-2022-24803

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

UBUNTU-CVE-2022-24803

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

GitLab Community Edition和GitLab Enterprise Edition 信息泄露漏洞

GitLab Enterprise Edition is a content management system.GitLab Community Edition is a community edition of GitLab by GitLab, Inc. An information disclosure vulnerability exists in GitLab Community Edition CE and Enterprise Edition EE due to a lack of filtering in error messages. When the include...

CVE-2022-24803

CVE-2022-24803 concerns the Asciidoctor-include-ext extension (pre-0.4.0) that processes user-supplied input in AsciiDoc. The root cause is a command-injection risk in the include extension, allowing arbitrary system commands on the host OS, even when allow-uri-read is disabled. The issue is miti...

CVE-2022-24803 Command Injection vulnerability in asciidoctor-include-ext

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

CVE-2022-24803

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

CVE-2022-24803 Command Injection vulnerability in asciidoctor-include-ext

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

Command Injection

Overview asciidoctor-include-ext is a reimplementation of the Asciidoctor's built-in preprocessor for the include:: directive in extensible and more clean way. Affected versions of this package are vulnerable to Command Injection. Applications using Asciidoctor with asciidoctor-include-ext, which...

GHSA-V222-6MR4-QJ29 Command Injection vulnerability in asciidoctor-include-ext

Impact Applications using Asciidoctor Ruby with asciidoctor-include-ext prior to version 0.4.0, which render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when allow-uri-read is disable...