18 matches found
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the check field in metadata files due to unsafe execution using /bin/bash -c. An attacker can craft malicious metadata that executes arbitrary shell commands on the victim’s system when common uniget operations suc...
uniget is Vulnerable to Command Injection in tool.Check Leading to Arbitrary Code Execution
I discovered a command injection vulnerability in uniget that allows arbitrary command execution through the metadata loading and version check mechanism. Summary A command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c...
EUVD-2007-3527
Malware in sbrugna...
EUVD-2022-5403
Malicious code in bioql PyPI...
EUVD-2022-7534
Malicious code in bioql PyPI...
CVE-2025-53621
CVE-2025-53621 : DSpace prior to 7.6.4, 8.2, and 9.1 is vulnerable to XML External Entity (XXE) injection during archive imports (SAF) or when handling XML from upstream services. The issue arises because external entities are not disabled during XML parsing, enabling a trusted administrator to t...
DEBIAN-CVE-2022-2582
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...
UBUNTU-CVE-2022-2582
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...
CVE-2022-2582 Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...
GHSA-VQ76-5GHR-9P4V Openstack Manila Persistent XSS in Metadata field
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
DEBIAN-CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
openstack-manila-ui: persistent XSS in metadata field
A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this...
openstack-manila-ui: persistent XSS in metadata field
A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this...
openstack-manila-ui: persistent XSS in metadata field
A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this...
CVE-2007-3543
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the wpattachedfile metadata field; and then sending this file's content, alo...