
10 matches found

Cvelist
added 2024/10/16 4:16 p.m., 18 views

CVE-2024-20461 Cisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection Vulnerability

A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized. An attacker could exploit...

CVSS: 6, EPSS: 0.00115
Exploits: 0, References: 1
Prion
added 2024/03/01 4:15 p.m., 16 views

Cross site scripting

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended...

AI score: 7.2, EPSS: 0.06229
Exploits: 0, References: 1
CVE
added 2024/03/01 3:40 p.m., 97 views

CVE-2024-27140

Apache Archiva is affected by a Cross-site Scripting (XSS) issue described as Improper Neutralization of Input During Web Page Generation. The vulnerability affects Archiva versions 2.0.0 and later, with the project stated as retired and no plan for a fix. Practical impact is an XSS risk in web p...

CVSS: 5.4, AI score: 5.3, EPSS: 0.06229
Exploits: 0, References: 2, Affected Software: 1
Veracode
added 2022/07/18 9:4 a.m., 16 views

Command Injection

shescape is vulnerable to command injection. White spaces are not escaped for the escape or escapeAll functions with the interpolation option set to true on Bash, Dash, and Zsh on Unix and PowerShell on Windows systems, allowing an attacker to inject malicious characters...

CVSS: 9.8, AI score: 9.3, EPSS: 0.0108
Exploits: 1, References: 7, Affected Software: 1
OSV
added 2022/06/28 3:31 p.m., 3 views

CLSA-2022-1656430292 Fixed CVEs in curl: CVE-2022-27780, CVE-2022-27782, CVE-2022-27781

CVE-2022-27782: check additional TLS or SSH connection parameters that should have prohibited connection reuse - CVE-2022-27781: add limit of certificates which can be traversed breaking possible infinite loop - CVE-2022-27780: exclude malicious characters from url to prevent incorrect address...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00469
Exploits: 3, References: 1
NVD
added 2022/06/09 5:15 p.m., 12 views

CVE-2022-31038

Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 DisplayName does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes DisplayName...

CVSS: 5.4, EPSS: 0.00263
Exploits: 0, References: 3
Veracode
added 2021/09/06 6:35 a.m., 16 views

Path Traversal

elfinder.netcore is vulnerable to path traversal. Lack of sanitization of user-provided data to the Path.Combine... method allows an attacker to input malicious characters to access files and directories outside the destination folder...

CVSS: 9.8, AI score: 5.1, EPSS: 0.00754
Exploits: 0, References: 3, Affected Software: 1
Veracode
added 2020/09/24 2:25 a.m., 24 views

Cross-site Scripting (XSS)

gon is vulnerable to cross-site scripting (XSS) attacks. Lack of sanitization of malicious characters within the JSON data in jsondumper.rb allows a malicious user to inject and execute arbitrary JavaScript in a user's browser...

CVSS: 6.1, AI score: 4.6, EPSS: 0.00607
Exploits: 0, References: 3, Affected Software: 1
Veracode
added 2019/06/11 6:20 a.m., 29 views

CRLF Injection

Twisted is vulnerable to CRLF injection. It does not validate URL in the request sent by HTTP clients, allowing an attacker to inject malicious characters such as CRLF...

CVSS: 6.1, AI score: 6.6, EPSS: 0.01819
Exploits: 1, References: 10, Affected Software: 258
Metasploit
added 2018/04/21 8:54 a.m., 25 views

Ruby Base64 Encoder

This encoder returns a base64 string encapsulated in eval(%(base64 encoded string).unpack(%(m0)).first). This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby Base64 Encoder', 'Description' = %q This...

AI score: 7
Exploits: 0