CVE-2022-29221
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject PHP code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...
UBUNTU-CVE-2022-29221
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject PHP code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...
CVE-2022-29221
CVE-2022-29221 affects the Smarty PHP template engine. Before versions 3.1.45 and 4.1.1, template authors could inject PHP code by using a malicious {block} name or {include} file name. This could allow code execution in untrusted templates. Affected users should upgrade to Smarty 3.1.45 or 4.1.1...
CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject PHP code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...
GHSA-JHM7-38XJ-PVM8 Cobbler is vulnerable to code injection
templateapi.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a...
Cobbler is vulnerable to code injection
templateapi.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a...
automad cross-site scripting vulnerability
automad is a flat file content management system and template engine. automad version 1.10.9 and prior versions contain a cross-site scripting vulnerability that can be exploited by attackers to cause cross-site scripting attacks...
GHSA-4CVM-5776-JX9F Ansible Arbitrary Code Execution
The user module in Ansible before 1.6.6 is vulnerable to command execution. Ansible can store the result of a remote command in a variable, which may come from an untrusted source of input. If the content of the variable isn't properly filtered, then when attempting to use the variable, it will trigger a function...
Ansible Arbitrary Code Execution
The user module in Ansible before 1.6.6 is vulnerable to command execution. Ansible can store the result of a remote command in a variable, which may come from an untrusted source of input. If the content of the variable isn't properly filtered, then when attempting to use the variable, it will trigger a function...
Debian DLA-2995-1 : smarty3 - LTS security update
The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2995 advisory. Smarty3, a template engine for PHP, allowed template authors to run restricted static php methods. The same authors could also run arbitrary PHP code by crafting a...
[SECURITY] [DLA 2995-1] smarty3 security update
Debian LTS Advisory DLA-2995-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 05, 2022 https://wiki.debian.org/LTS Package : smarty3 Version : 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u5 CVE ID : CVE-2021-21408 CVE-2021-29454 Debian Bug : 1010375 Smarty3, a...
GHSA-FV3M-XHQW-9M79 ballcat-codegen template engine remote code execution injection
Impact Ballcat Codegen provides the function of online editing code to generate templates. In version 1.0.0.beta.2, since Velocity and freemarker templates are introduced but input verification is not done, attackers can implement remote code execution through malicious code injection of the...
ballcat-codegen template engine remote code execution injection
Impact Ballcat Codegen provides the function of online editing code to generate templates. In version 1.0.0.beta.2, since Velocity and freemarker templates are introduced but input verification is not done, attackers can implement remote code execution through malicious code injection of the...
CVE-2022-24881
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...
Code injection
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...
CVE-2022-24881 Command Injection in Ballcat Codegen
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...
edge.js cross-site scripting vulnerability
edge.js is the Node.js template engine. edge.js versions prior to 5.3.2 have a cross-site scripting vulnerability that stems from a type obfuscation vulnerability that can be exploited to bypass input cleanup when the input to be rendered is an array, even if is used, and can be used by attacker...