99 matches found
CVE-2021-23337
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...
DEBIAN-CVE-2021-23337
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...
Command injection
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...
CVE-2021-23337 Command Injection
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...
CVE-2021-23337
CVE-2021-23337 (Lodash) affects Lodash versions prior to 4.17.21, vulnerable to Command Injection via the template function. Affected component: lodash.template; root cause: unsafe template evaluation. Impact per document: potential code execution with privileges of the running environment. Mitig...
Code Injection
Overview: Affected versions of this package are vulnerable to Code Injection due to the improper validation of options.variable key names in _.template. An attacker can execute arbitrary code at template compilation time by injecting malicious expressions. If Object.prototype has been polluted,...
Remote Code Execution (RCE)
access-policy is vulnerable to remote code execution (RCE). The attack is possible because user-provided data is directly executed by the eval in the template function without validation...
CVE-2020-7674
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...
Remote code execution
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...
CVE-2020-7674
CVE-2020-7674 affects access-policy up to version 3.1.0. The vulnerability is caused by user input passed to the template function being executed by eval, enabling arbitrary code execution. Affected component: access-policy encoder/parser. Impact is Arbitrary Code Execution with the exact exploita...
CVE-2020-11013
There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. lookup is a Helm template function introduced in Helm v3. It is able to look up resources in the cluster to check for the existence of specific resources and get details about them. This can be us...
CVE-2020-11013
The CVE-2020-11013 issue affects Helm before 3.2.0, where the template function lookup can perform cluster lookups during helm template, helm install/update/delete/rollback --dry-run, potentially disclosing information from the cluster via template output. Helm 2 is unaffected. The root cause is ...
PT-2020-12493 · Helm +1
Name of the Vulnerable Software and Affected Versions: Helm versions 3.0.0 through 3.1.2. Description: There is an information disclosure issue in Helm. The lookup template function, introduced in Helm v3, can look up resources in the cluster to check for the existence of specific resources and get...
CVE-2018-20673
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability for "Create an array for saving the template argument values" that can trigger a heap-based buffer overflow, as demonstrated by nm...
Accellion File Transfer Appliance Path Traversal Vulnerability
Accellion File Transfer Appliance (FTA) is a file transfer solution from Accellion USA. The solution supports file transfer, file sharing, file transfer tracking and reporting, and more. A directory traversal vulnerability exists in the 'template' function of the functions.inc file in versions of...
Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross Site Scripting Vulnerability
Exploit for Windows platform in category web applications. Vulnerability type: Multiple Stored Cross Site Scripting; Vendor: Quali; Product: CloudShell; Affected version: v7.1.0.6508 Patch 6; Patched version: v8 and up; Credit: Benjamin Lee; CVE ID: CVE-2017-9767...
flexbb-sql.txt
!/usr/bin/perl use Tk; use Tk::BrowseEntry; use Tk::DialogBox; use LWP::UserAgent; $mw = new MainWindowtitle = "UnderWHAT?!" ; $mw-geometry '420x343' ; $mw-resizable0,0; $mw-Label-text = '', -font = 'Verdana 8',-foreground='red'-pack; $mw-Label-text = 'FlexBB 'Tahoma 7 bold',-foreground='red'-pac...