23 matches found
EUVD-2026-30544
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.runString expression, String type, Map context evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions...
PT-2026-41304
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.runString expression, String type, Map context evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions...
CVE-2026-39052
CVE-2026-39052 affects Oinone Pamirs 7.0.0. The vulnerability is a code execution flaw where ScriptRunner.run(String expression, String type, Map context) evaluates attacker‑controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions. The root c...
CVE-2026-39052
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.runString expression, String type, Map context evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions...
EUVD-2023-32555
Malicious code in bioql PyPI...
EUVD-2022-47000
Malicious code in bioql PyPI...
CVE-2023-28937
DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and...
CVE-2022-44038
Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component...
CVE-2023-28937
DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and...
CVE-2023-28937
DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and...
Hardcoded credentials
DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and...
PT-2023-22047 · Unknown · Scriptrunner For Amazon Sqs +2
Name of the Vulnerable Software and Affected Versions: DataSpider Servista versions 4.4 and earlier Description: The issue concerns the use of a hard-coded cryptographic key in DataSpider Servista, which is data integration software. This key is embedded in ScriptRunner and ScriptRunner for Amazo...
CVE-2023-28937
DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and...
CVE-2023-28937
DataSpider Servista 4.4 and earlier is affected by a vulnerability where a cryptographic key is hard-coded into ScriptRunner and ScriptRunner for Amazon SQS. If an attacker with access to a target DataSpider Servista instance can obtain a Launch Settings file, they may operate with the user’s enc...
CVE-2023-28937
DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and...
JVN#38222042: DataSpider Servista uses a hard-coded cryptographic key
DataSpider Servista provided by SAISON INFORMATION SYSTEMS CO.,LTD. is a data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS,...
Jira Scriptrunner 2.0.7 - CSRF/RCE Exploit
No description provided by source. Author Ben 'highjack' Sheppard Title Jira Scriptrunner 2.0.7 = CSRF/RCE Twitter @highjack Author Url http://bensheppard.net/jira-scriptrunner-2-0-7/ Vendor Url https://marketplace.atlassian.com/plugins/com.onresolve.jira.groovy.groovyrunner Install To use this...
Jira Scriptrunner 2.0.7 CSRF / Code Execution
Author Ben 'highjack' Sheppard Title Jira Scriptrunner 2.0.7 'Jira Scriptrunner 2.0.7 %qThis jira plugin does notuse the built in jira protections websudo or csrf tokens to protect the page from CSRF. This page is supposed to be used by admins to automate tasks, it will accept java code and by...
Jira Scriptrunner 2.0.7 - Cross-Site Request Forgery / Remote Code Execution (Metasploit)
Author Ben 'highjack' Sheppard Title Jira Scriptrunner 2.0.7 'Jira Scriptrunner 2.0.7 %qThis jira plugin does notuse the built in jira protections websudo or csrf tokens to protect the page from CSRF. This page is supposed to be used by admins to automate tasks, it will accept java code and by...
Jira Scriptrunner 2.0.7 <= CSRF/RCE Exploit
Exploit for windows platform in category remote exploits Author Ben 'highjack' Sheppard Title Jira Scriptrunner 2.0.7 'Jira Scriptrunner 2.0.7 %qThis jira plugin does notuse the built in jira protections websudo or csrf tokens to protect the page from CSRF. This page is supposed to be used by...