4 matches found
Command Injection
github.com/cea-hpc/sshproxy is vulnerable to Command Injection. The vulnerability is due to missing input santization when constructing the ssh command string, which allows an authorized user to inject options into the ssh command executed by sshproxy...
CVE-2023-41973 Lack of input santization on Zscaler Client Connector enables arbitrary code execution
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later...
CVE-2023-41973 Lack of input santization on Zscaler Client Connector enables arbitrary code execution
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later...
phpBB 2.0.3 search.php Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6311/info phpBB is vulnerable to cross site scripting attacks. This is due to insufficient santization of user-supplied input. The problem is located in the search.php script. This issue may be exploited by an attacker to...