GHSA-C2GG-4GQ4-JV5J XWiki Platform remote code execution from account through UIExtension parameters

Impact Parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and...

CVE-2024-3566 Command injection vulnerability in programing languages on Microsoft Windows operating system.

A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied...

Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks

A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are...

Multiple programming languages fail to escape arguments properly in Microsoft Windows

Overview Various programming languages lack proper validation mechanisms for commands and in some cases also fail to escape arguments correctly when invoking commands within a Microsoft Windows environment. The command injection vulnerability in these programming languages, when running on Window...

PT-2024-24337 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 6.4-milestone-1 through 4.10.18 XWiki Platform versions prior to 15.5.4 XWiki Platform versions prior to 15.10-rc-1 Description: The XWiki Platform is affected by a remote code execution issue. This issue arises from t...

CVE-2024-24576

Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...

CVE-2024-24576

CVE-2024-24576 affects Rust’s standard library on Windows where Command::arg/args escaping for batch files was not thorough enough. This could allow arbitrary shell commands when untrusted input is passed to batch file invocations via cmd.exe, enabling LPE/RCE scenarios as described in PoC and pu...

ROS-20240409-02

Vulnerability of the hmac.comparedigest function of the Lib/hmac.py library of the programming language interpreter Python is related to synchronization errors when using a shared resource "Race Situation". Exploitation of the vulnerability could allow an attacker acting remotely to escalate thei...

Siemens SINEC NMS 路径遍历漏洞

Siemens SINEC NMS is a network management system NMS from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A path traversal vulnerability exists in Siemens SINEC NMS versions...

CVE-2023-52541

Authentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

PT-2024-14549 · Unknown · Activitymanagerservice

Name of the Vulnerable Software and Affected Versions: ActivityTaskManagerService module affected versions not specified Description: The issue concerns a vulnerability of permission verification in some APIs within the ActivityTaskManagerService module. Successful exploitation of this...

Ruby Programming Language Installed (Windows)

Binary data rubywininstalled.nbin...

ROS-20240408-02

A vulnerability in the net/html library of the Go programming language exists due to a failure to take measures to protect the structure of a web page. the structure of the web page. Exploitation of the vulnerability could allow an attacker acting remotely, conduct cross-site scripting attacks...

ROS-20240404-10

A vulnerability in the Rack module of the Ruby programming language interpreter is associated with uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...

CVE-2023-45288

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service DoS attack...

ROS-20240402-20

A vulnerability in the Cargo package manager of the Rust programming language is associated with incorrect verification of the of the cryptographic signature. Exploitation of the vulnerability could allow an attacker acting remotely, affect the integrity of protected information via SSH protocol...

PT-2024-2667

Name of the Vulnerable Software and Affected Versions Flowmon versions prior to 11.1.14 and 12.3.5 Description A command injection vulnerability has been identified in Flowmon, allowing an unauthenticated user to gain entry to the system via the management interface and execute arbitrary system...

ROS-20240402-17

A vulnerability in the net/http package of the Go programming language is related to information disclosure. vulnerability could allow a remote attacker to disclose protected information. A vulnerability in the cmd-go component of the Go programming language is related to public data transmission...

ROS-20240329-10

Vulnerability of http2 package of Go programming language is related to uncontrolled server resources consumption as a result of resetting Server.MaxConcurrentStreams parameter during request stream processing. as a result of resetting the Server.MaxConcurrentStreams parameter when processing a...

WordPress Plugin Contact Form to Any API SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...