80 matches found
Imperative CLI vulnerable to Command Injection
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
GHSA-6Q8M-42QQ-64R7 Imperative CLI vulnerable to Command Injection
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
CVE-2021-4326
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
CVE-2021-4326
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
CVE-2021-4326
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
Design/Logic Flaw
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
CVE-2021-4326
CVE-2021-4326 affects the Imperative framework used by Zowe CLI. Root cause: insecure usage of execSync and handling of environment variables enables a local, already-privileged actor to run arbitrary shell commands via plugin install/update commands or via maliciously formed environment variable...
CVE-2021-4326 Imperative Local Command Injection allows Activity Masking
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
PT-2023-12422 · Zowe Cli +1
Name of the Vulnerable Software and Affected Versions: Imperative framework (affected versions not specified); Zowe CLI (affected versions not specified). Description: A vulnerability in the Imperative framework allows already-privileged local actors to execute arbitrary shell commands via plugin...
SUSE CVE-2006-2784
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is use...
GHSA-C3Q8-HH69-7MG5 Codiad SSRF Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the...
Codiad SSRF Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the...
WordPress JS Jobs Manager 1.1.7 Authorization Bypass
Exploit Title: Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation Google Dork: inurl:/wp-content/plugins/js-jobs/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/js-jobs/ Version: spacehen www.github.com/spacehen" def...
WordPress WP Content Copy Protection & No Right Click Plugin < 3.1.5 Arbitrary Plugin Install Vulnerability
The WordPress plugin Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
CVE-2020-26278
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability which can allow an attacker to take over any host in the cluster. Weave Net is...
Atlassian Crowd 2.1.x < 3.0.5 / 3.1.x < 3.1.6 / 3.2.x < 3.2.8 / 3.3.x < 3.3.5 / 3.4.x < 3.4.4 RCE Vulnerability
The version of Atlassian Crowd installed on the remote host is 2.1.x prior to 3.0.5, 3.1.x prior to 3.1.6, 3.2.x prior to 3.2.8, 3.3.x prior to 3.3.5 or 3.4.x prior to 3.4.4. It is, therefore, affected by a remote code execution (RCE) vulnerability. An unauthenticated, remote attacker can exploit...
Multiple Cross-Site Request Forgery Vulnerabilities in Jenkins
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Jenkin...
Big Forum 5.2v Arbitrary File Upload & LFI Vulnerability
No description provided by source. = Big Forum 5.2v Arbitrary File Upload & Local File Inclusion Vulnerability = Author : Zer0 Thunder = Home : http://colombohackers.com = Download : http://sourceforge.net/projects/npage-bigforum/files/bigforum%205.2/bf5.2.zip/download = Date : 06/24/2010 Arbitra...
Big Forum 5.2 - Arbitrary File Upload Local File Inclusion
Big Forum 5.2 - Arbitrary File Upload Local File Inclusion = Big Forum 5.2v Arbitrary File Upload & Local File Inclusion Vulnerability = Author : Zer0 Thunder = Home : http://colombohackers.com = Download : http://sourceforge.net/projects/npage-bigforum/files/bigforum%205.2/bf5.2.zip/download =...
security flaw
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is use...