14 matches found
erb: ERB: Arbitrary code execution via deserialization bypass
A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...
CVE-2026-41316 ERB has an @_init deserialization guard bypass via def_module / def_method / def_class
ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...
CVE-2026-41316
ERB has a deserialization guard for @_init in ERB#result and ERB#run, but public methods ERB#def_method, ERB#def_module, and ERB#def_class were not guarded. The vulnerability arises when Marshal.load is used on untrusted data with erb loaded, allowing code execution via the unguarded paths. Patch...
EUVD-2011-4964
Malware in sbrugna...
CVE-2011-5061
functions.php in WHMCompleteSolution WHMCS 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field...
SPIP 4.2.12 Remote Code Execution Exploit
This Metasploit module exploits a remote code execution vulnerability in SPIP versions up to and including 4.2.12. The vulnerability occurs in SPIP's templating system where it incorrectly handles user-supplied input, allowing an attacker to inject and execute arbitrary PHP code. This can be...
SPIP 4.2.12 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP Unauthenticated RCE via porteplume Plugin', 'Description' = %q This module exploits a Remote Code Execution vulnerability in SPIP versions u...
CVE-2018-14862
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...
CVE-2017-7481
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2...
CVE-2017-7481
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2...
Design/Logic Flaw
functions.php in WHMCompleteSolution WHMCS 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field...
CVE-2011-5061
CVE-2011-5061 affects WHMCS (WHMCompleteSolution) 4.0.x–5.0.x. The vulnerability lies in functions.php allowing remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket with weaponized subject data, due to improper handling of characters....
mivaXSS.txt
MIVA Merchant 5 is vulnerable to XSS attack. Users can use javascript to embed their own inputs into the MM5 screens and checkout pages overriding various store safeguards and functions. MIVA Corporation has been very cooperative and has already posted an update to their software entitled core-4...
XSS Vulnerability in MIVA Merchant 5 - Includes Fix
MIVA Merchant 5 is vulnerable to XSS attack. Users can use javascript to embed their own inputs into the MM5 screens and checkout pages overriding various store safeguards and functions. MIVA Corporation has been very cooperative and has already posted an update to their software entitled core-4...