126 matches found
CVE-2021-21646
Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
CVE-2021-21646
The CVE-2021-21646 entry concerns the Jenkins Templating Engine Plugin, version 2.1 and earlier. The underlying issue is failure to protect pipeline configurations with the Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the Jenkins controller...
Jenkins Templating Engine Plugin Security Vulnerability
Jenkins is an open source application from Jenkins. As an open source automation server, Jenkins provides hundreds of plug-ins to support building, deploying and automating any project. A security vulnerability exists in Jenkins Templating Engine Plugin version 2.1 and earlier. The vulnerability...
PT-2021-14689 · Jenkins · Script Security Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Templating Engine Plugin versions 2.1 and earlier Description: The issue allows attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. This is due to the lack of protection for...
CVE-2015-5215
The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via template variables. NOTE: This may be a duplica...
Cross site scripting
DISPUTED The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via template variables. NOTE: This may be ...
TYPO3 FLUID Templating Engine Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) of the Swiss TYPO3 Association. FLUID Templating Engine is one of the templating engines. A cross-site scripting vulnerability exists in FLUID Templating Engine in TYPO3 versions prior to 4.3.4 and 4.4.x versions prior to...
drupal -- Drupal core - Moderately critical
Drupal Security Team reports: CVE-2019-10909: Escape validation messages in the PHP templating engine. CVE-2019-10910: Check service IDs are valid. CVE-2019-10911: Add a separator in the remember me cookie hash. jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true...
CVE-2018-19509
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS...
Cross site scripting
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS...
CVE-2016-10619
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10619
CVE-2016-10619 concerns pennyworth, a natural language templating engine that downloads data resources over HTTP, making it vulnerable to MITM attacks. The connected advisories confirm that insecure HTTP resource loading can allow an attacker with a privileged network position to modify/read reso...
SOL16794 - CUPS vulnerabilities CVE-2015-1158 / CVE-2015-1159
CVE-2015-1158 A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded, which in...
USN-2629-1 cups vulnerabilities
It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. CVE-2015-1158 It was discovered that the CUPS templating...
ZPanel templateparser.class.php - Crafted Template Remote Command Execution
No description provided by source. Hi all, There's an arbitrary PHP code execution in ZPanel, a free and open-source shared hosting control panel. Using the included zsudo binary, access can be escalated and commands can be run as root. The vulnerability: ZPanel uses a poor templater system that...
ZPanel Crafted Template Remote Command Execution Vulnerability
Exploit for php platform in category web applications. There's an arbitrary PHP code execution in ZPanel, a free and open-source shared hosting control panel. Using the included zsudo binary, access can be escalated and commands can be run as root. The vulnerability: ZPanel uses a poor "templater"...
ZPanel - templateparser.class.php Crafted Template Remote Command Execution
ZPanel - templateparser.class.php Crafted Template Remote Command Execution Hi all, There's an arbitrary PHP code execution in ZPanel, a free and open-source shared hosting control panel. Using the included zsudo binary, access can be escalated and commands can be run as root. The vulnerability:...
Debian DSA-2267-1 : perl - restriction bypass
It was discovered that Perl's Safe module - a module to compile and execute code in restricted compartments - could be bypassed. Please note that this update is known to break Petal, an XML-based templating engine shipped with Debian 6.0/Squeeze in the package libpetal-perl, see bug 582805 for...