Lucene search

16 matches found

RedhatCVE
added 2026/04/13 7:22 p.m., 3 views

CVE-2026-22683

Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and priced as unable to create or modify entities,...

CVSS 8.8, AI score 6.5, EPSS 0.00402
Exploits: 0, References: 1

EUVD
added 2026/04/07 6:31 p.m., 0 views

EUVD-2026-19747

Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and priced as unable to create or modify entities,...

CVSS 8.8, AI score 6.5, EPSS 0.00402
Exploits: 0, References: 7

Vulnrichment
added 2026/04/07 4:50 p.m., 0 views

CVE-2026-22683 Windmill < 1.615.0 Operator Role Missing Authorization Checks RCE

Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and priced as unable to create or modify entities,...

CVSS 8.8, AI score 7.8, EPSS 0.00402
Exploits: 0, References: 6

ATTACKERKB
added 2025/11/05 5:15 p.m., 0 views

CVE-2025-20358

A vulnerability in the Contact Center Express CCX Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authenticatio...

CVSS 9.8, AI score 6.1, EPSS 0.00683
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2025/11/05 5:15 p.m., 0 views

CVE-2025-20358

A vulnerability in the Contact Center Express CCX Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authenticatio...

CVSS 9.8, AI score 6
Exploits: 0, References: 1

Cvelist
added 2025/11/05 4:31 p.m., 4 views

CVE-2025-20358 Cisco Unified Contact Center Express Editor Authentication Bypass Vulnerability

A vulnerability in the Contact Center Express CCX Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authenticatio...

CVSS 9.4, EPSS 0.00683
Exploits: 0, References: 1

CVE
added 2025/11/05 4:31 p.m., 13 views

CVE-2025-20358

CVE-2025-20358 applies to Cisco Unified CCX: CCX Editor authentication bypass due to improper authentication in the CCX Editor–Unified CCX server communication. An unauthenticated remote attacker could redirect the authentication flow to a malicious server and trick the editor into granting admin...

CVSS 9.8, AI score 7.2, EPSS 0.00683
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/11/05 4:31 p.m., 3 views

CVE-2025-20358 Cisco Unified Contact Center Express Editor Authentication Bypass Vulnerability

A vulnerability in the Contact Center Express CCX Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authenticatio...

CVSS 9.4, AI score 7.2, EPSS 0.00683
Exploits: 0, References: 1

OSV
added 2020/04/20 7:15 p.m., 0 views

CVE-2020-11753

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default making this not...

CVSS 8.8, AI score 7.3
Exploits: 0, References: 2

OSV
added 2017/08/08 3:29 p.m., 0 views

CVE-2017-11154

Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter...

CVSS 7.2, AI score 5.9, EPSS 0.06862
Exploits: 4, References: 2

securityvulns
added 2009/01/09 12:0 a.m., 27 views

Microsoft Internet Explorer DoS

Crash on recursive script creation with createElement...

AI score 1.8
Exploits: 0, References: 1

Tenable Nessus
added 2007/11/16 12:0 a.m., 25 views

Fedora Core 6 : openldap-2.3.30-3.fc6 (2007-741)

Fri Nov 2 2007 Jan Safranek 2.3.30-3.fc6 - add ldconfig to devel post/postun bz240253 - do not create script in /tmp on startup bz188298 - start slupd for each replicated database bz210155 - fix security issues 359851 and 359861 Note that Tenable Network Security has extracted the preceding...

CVSS 7.1, AI score 5.4, EPSS 0.05435
Exploits: 0, References: 3

Packet Storm
added 2004/12/30 12:0 a.m., 42 views

lsmcode.txt

mkdirhier /tmp/aap/bin export DIAGNOSTICS=/tmp/aap cat /tmp/aap/bin/Dctrl EOF !/bin/sh cp /bin/sh /tmp/.shh chown root:system /tmp/.shh chmod u+s /tmp/.shh EOF chmod a+x /tmp/aap/bin/Dctrl lsmcode /tmp/.shh...

AI score 7.4
Exploits: 0

exploitpack
added 2001/06/11 12:0 a.m., 14 views

Sean MacGuire Big Brother 1.01.31.4 - CGI File Creation

Sean MacGuire Big Brother 1.01.31.4 - CGI File Creation source: https://www.securityfocus.com/bid/1494/info A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly...

AI score 7.4
Exploits: 0

Exploit DB
added 2001/03/04 12:0 a.m., 36 views

GLIBC 2.1.3 - 'LD_PRELOAD' Local Privilege Escalation

!/bin/tcsh example of exploiting the hole in LDPRELOAD shadow tested on redhat 6.0, should work on others if -e /etc/initscript echo uwaga: /etc/initscript istnieje cd /lib umask 0 setenv LDPRELOAD libSegFault.so setenv SEGFAULTOUTPUTNAME /etc/initscript echo czekaj... to moze chwile potrwac... whi...

AI score 7.4
Exploits: 0

Exploit DB
added 1999/12/20 12:0 a.m., 37 views

WU-FTPD 2.4.2/2.5.0/2.6.0/2.6.1/2.6.2 - FTP Conversion

source: https://www.securityfocus.com/bid/2240/info Some FTP servers provide a "conversion" service that pipes a requested file through a program, for example a decompression utility such as "tar", before it is passed to the remote user. Under some configurations where this is enabled a remote us...

AI score 7.4
Exploits: 0