17 matches found
EUVD-2005-1105
Malware in sbrugna...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') through the use of the template functions env and expandenv, which are enabled by default. An attacker can extract sensitive system data,...
CVE-2024-36361
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
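The code-injection pattern this entry describes, as an added example that is not part of the original listing or of Pug's code base: a minimal template compiler that splices the caller's name option straight into generated JavaScript, the identifier check that closes the hole, and a consumer that executes the generated bundle. The helper names (compileClientUnsafe, compileClientSafe, runGeneratedBundle) and the sample payload are hypothetical.

```javascript
// Added example modelled on the pattern in the CVE-2024-36361 entry (a
// caller-supplied function name spliced into generated JavaScript). This is
// NOT Pug's source; the helpers below are hypothetical illustrations.

// Vulnerable pattern: `name` is concatenated into the generated source with
// no validation, so anything that is not a bare identifier becomes code.
function compileClientUnsafe(templateBody, name) {
  const fnName = name || 'template';
  // JSON.stringify yields a valid JS string literal, so the template body
  // itself cannot break out of the generated source; only the name can.
  return 'function ' + fnName + '(locals) { return ' +
    JSON.stringify(templateBody) + '; }';
}

// Hardened pattern: accept only a plain JavaScript identifier as the name
// (and refuse keywords, which would at best produce a syntax error).
const IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]*$/;
const RESERVED = new Set(['function', 'return', 'var', 'let', 'const',
  'if', 'else', 'for', 'while', 'class', 'new', 'this']);

function compileClientSafe(templateBody, name) {
  const fnName = name || 'template';
  if (!IDENTIFIER.test(fnName) || RESERVED.has(fnName)) {
    throw new TypeError('name must be a plain JavaScript identifier');
  }
  return 'function ' + fnName + '(locals) { return ' +
    JSON.stringify(templateBody) + '; }';
}

// Consumer side: a client bundle is loaded by executing it, which is what
// turns the string-concatenation bug into code execution. `marker` stands
// in for any state an injected statement could reach at load time.
function runGeneratedBundle(source, exportedName) {
  const marker = { injected: false };
  const fn = new Function('marker', source + '\nreturn ' + exportedName + ';')(marker);
  return { fn, marker };
}

// Constructed untrusted name: closes the intended function, runs an injected
// statement, then opens a throwaway declaration so the rest still parses.
const ATTACK_NAME = 'template() { return 1 }; marker.injected = true; function ignored';

function demo() {
  // Unsafe compiler: the injected statement runs when the bundle is loaded.
  const vulnerable = runGeneratedBundle(compileClientUnsafe('<p>hi</p>', ATTACK_NAME), 'template');

  // Safe compiler: the same name is rejected before any source is generated.
  let rejected = false;
  try {
    compileClientSafe('<p>hi</p>', ATTACK_NAME);
  } catch (e) {
    rejected = e instanceof TypeError;
  }

  // Safe compiler with a legitimate name behaves as intended.
  const safe = runGeneratedBundle(compileClientSafe('<p>hi</p>', 'renderCard'), 'renderCard');

  return {
    injectedViaUnsafe: vulnerable.marker.injected, // true
    attackRejectedBySafe: rejected,                // true
    safeOutput: safe.fn({}),                       // '<p>hi</p>'
  };
}

console.log(demo());
```

The point to take from the example is that the name option is an interpolation into source code like any other, so it needs the same allow-list validation a developer would apply to an identifier placed in generated SQL or shell text; escaping is not an option here because the value has to end up as a bare token.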
Server-Side Template Injection
getgrav/grav is vulnerable to Server-Side Template Injection. The vulnerability is due to insufficient sandboxing and validation of user-defined Twig template functions and filters, allowing authenticated users to execute arbitrary code on the server...
JFinal security vulnerability
JFinal is a Java-based web + ORM open-source framework. A security vulnerability exists in JFinal v.4.9.08 that allows remote attackers to execute arbitrary code via template functions...
SUSE CVE-2013-1640
The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allow remote authenticated users to execute arbitrary code via a crafted catalog request...
npm underscore code injection vulnerability
npm underscore is an application from the US-based npm Inc. It is a JavaScript utility library that provides support for common functions without extending any core JavaScript objects. A code injection vulnerability exists in npm underscore, which can be exploited by an attacker to easily...
WordPress 1.5 template-functions-post.php Multiple Field XSS
...
DEBIAN-CVE-2013-1640
The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allow remote authenticated users to execute arbitrary code via a crafted catalog request...
DEBIAN-CVE-2006-1796
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in WordPress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI'])...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in WordPress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI'])...
CVE-2006-1796
WordPress 1.5.2 (and possibly earlier than 2.0.1) is affected by an XSS in the paging links (template-functions-links.php). The vulnerability allows remote attackers to inject arbitrary script/HTML into IE users via the request URI ($_SERVER['REQUEST_URI']). Impact is cross-site scripting with pa...
WordPress 'template-functions-category.php' 'cat_ID' Parameter SQL Injection
The version of WordPress installed on the remote host fails to properly sanitize user-supplied input to the 'catID' variable in the 'template-functions-category.php' script. This failure may allow an attacker to influence database queries resulting in the disclosure of sensitive information. Note...
CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $catID variable, as demonstrated using the cat parameter to index.php...
DEBIAN-CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $catID variable, as demonstrated using the cat parameter to index.php...
CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $catID variable, as demonstrated using the cat parameter to index.php...
WordPress <=1.5 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Because of these vulnerabilities in template-functions-post.php, attackers can inject arbitrary web script or HTML via the post title or post content. Solution: Update WordPress to the latest possible version...