96 matches found
Command injection
Exposed Erlang Cookie could lead to Remote Command Execution RCE attack. Communication between Erlang nodes is done by exchanging a shared secret aka "magic cookie". There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlan...
CVE-2020-6366
SAP NetWeaver Compare Systems versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service...
Semrush: Persistent CSV injection
Hi Team, https://www.semrush.com/notes is vulnerable to persistent csv injection stored csv injection POC: 1 Login into application and open https://www.semrush.com/notes 2 click on "Add note" button 3 And enter csv injection payloads like =4+4, =HYPERLINK"http://evil.com", "EVIL" and click on sa...
CVE-2018-6074
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page...
CVE-2018-6074
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page...
Design/Logic Flaw
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page...
CVE-2018-6074
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page...
CVE-2018-6074
Removed by vendor...
Command Injection in git-dummy-commit
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...
CVE-2018-3785
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...
Command injection
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...
CVE-2018-3785
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...
CVE-2018-3785
CVE-2018-3785 affects git-dummy-commit v1.3.0, where an unescaped parameter allows command injection to execute OS commands. Several sources confirm the issue is a command-injection in the msg/filename handling, enabling remote or local command execution depending on context. Impact is high (OS-l...
CVE-2018-3785
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...
CVE-2018-1245
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component ACM. A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a...
Authorization
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component ACM. A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a...
Firewall and Privatizing Proxy: macOS Fortress
macOS-Fortress is a Firewall, Blackhole, and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers. It is Kernel-level, OS-level, and client-level security for macOS. Built to address a steady stream of attacks visible on snort and server logs, as well as blocks ads, malicious...
CVE-2018-1182
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels hardware appliance and software bundle deployments only; RSA Via Lifecycle and Governance version 7.0, all patch levels hardware appliance and software bundle deployments only; RSA Identit...
Design/Logic Flaw
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels hardware appliance and software bundle deployments only; RSA Via Lifecycle and Governance version 7.0, all patch levels hardware appliance and software bundle deployments only; RSA Identit...
CVE-2018-1182
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels hardware appliance and software bundle deployments only; RSA Via Lifecycle and Governance version 7.0, all patch levels hardware appliance and software bundle deployments only; RSA Identit...