27 matches found
CVE-2025-66474
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against /html injection, which...
CVE-2025-66474 XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against /html injection, which...
PT-2025-50550
Name of the Vulnerable Software and Affected Versions XWiki versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2, and 17.5.0-rc-1 through 17.5.0 Description The XWiki Rendering system lacks sufficient protection against /html injection. This allows attackers to achieve remote code execution RCE...
CVE-2023-37914
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to...
CVE-2023-29522
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki...
Security update for python311, python-rpm-macros
This update for python311, python-rpm-macros fixes the following issues: python311: - CVE-2024-0450: Fixed zipfile module vulnerability with "quoted-overlap" zipbomb bsc1221854 - CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges bsc1226448 - CVE-2024-0397: Fixed memory race condition...
Remote code execution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
XWiki Platform 注入漏洞
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. An injection vulnerability exists in XWiki Platform versions 9.6-rc-1 through 14.10.6 and 15.0-rc-1 through 15.2-rc-1, which stems from the fact that any user who can edit...
Remote code execution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki...
XWiki Platform 注入漏洞
XWiki Platform is a suite of wiki platforms for creating web collaboration applications from the French company XWiki. XWiki Platform suffers from an injection vulnerability that originates from the execution of arbitrary script macros, including Groovy and Python macros that allow remote code...
SUSE-SU-2022:0593-1 Security update for SUSE Manager Server 4.2
This update fixes the following issues: c3p0: - Build with log4j mapper dhcpd-formula: - Update to version 0.1.1641480250.d5bd14c make routers option optional hibernate5: - Fix potential SQL injection CVE-2020-25638 bsc1193832 mgr-libmod: - Version 4.2.7-1 require python macros for building...
SUSE-SU-2022:0311-1 Security Beta update for SUSE Manager Client Tools
This update fixes the following issues: ansible: - Require python macros for building grafana: - Update to version 7.5.12: Fix markdown path traversal 42969, bsc1193688, CVE-2021-43813 - Recreate tarballs using the makefile to update the npm and go modules required - Update to version 7.5.11: Fix...
SUSE-SU-2022:0225-1 Security update for SUSE Manager Server 4.1
This update fixes the following issues: hibernate5: - Fix potential SQL injection CVE-2020-25638 bsc1193832 mgr-libmod: - Version 4.1.10-1 require python macros for building mgr-osad: - Version 4.1.6-1 require python macros for building prometheus-formula: - Version 0.3.5 Add support for new Uyun...
python27:2.7 security and bug fix update
python2 2.7.18-4.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 2.7.18-4 - Security fix for CVE-2021-3177 Resolves: rhbz1919163 2.7.18-3 - Fixes for bundling prefix=/app build in gimp/inkscape containers Resolves: rhbz1907592 2.7.18-2 - Security fix for CVE-2020-26116: Reject...
libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning
It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system...
Fedora 26 : wireshark (2017-5f15bf15cf)
Rebase to the newest upstream version. This release contains mostly bugfixes and no new features. ---- This update enables Lua support and also moves binaries into /usr/bin directory. The bug with scriptlets is resolved by removing the whole alternatives group prior to installing new packages. --...
Intercepting Proxy for Performing Web Application Security Testing: The Pappy Proxy
Intercepting Proxy for Performing Web application security testing The Pappy P roxy A ttack P roxy P rox Y Proxy is an intercepting proxy for performing web application security testing. Its features are often similar, or straight up rippoffs from Burp Suite . However, Burp Suite is neither open...
openSUSE Security Update : samba (openSUSE-SU-2012:0507-1)
" - Add the ldapsmb sources as else patches against them have no chance to apply. - Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the 'root' user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; bso8815...