Lucene search
K

465 matches found

Cvelist
Cvelist
added 2018/01/02 5:0 p.m.32 views

CVE-2017-1000453

CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution...

9.9AI score0.01806EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2017/07/27 12:0 a.m.76 views

TYPO3 Formhandler 2.4.0 Cross Site Scripting

Advisory: Cross-Site Scripting in TYPO3 Formhandler Extension RedTeam Pentesting discovered a cross-site scripting vulnerability XSS in the TYPO3 extension Formhandler. Details ======= Product: TYPO3 Formhandler Affected Versions: 2.4.0 and probably earlier Fixed Versions: none, project no longer...

Exploits0
Hacker One
Hacker One
added 2017/07/02 9:42 a.m.25 views

Keybase: Persistent XSS on keybase.io via "payload" field in `/user/sigchain_signature.toffee` template

Issue Keybase allows you to see other users' sigchains by navigating to /sigchain. The "Payload" field containing JSON related to the chainlink on the right side of the page is not correctly escaped during templating, leading to a persistent XSS as users have a high degree of control over the...

6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/06/19 1:34 p.m.50 views

Important: Red Hat Security Advisory: ansible security update

An update for ansible is now available for Red Hat Storage Console 2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

9.8CVSS7.2AI score0.04804EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/06/15 10:27 p.m.8 views

ansible: Security issue with lookup return not tainting the jinja2 environment

An input validation flaw was found in Ansible, where it fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the...

9.8CVSS7.3AI score0.04804EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/05/25 5:13 p.m.7 views

ansible: Security issue with lookup return not tainting the jinja2 environment

An input validation flaw was found in Ansible, where it fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the...

9.8CVSS7.3AI score0.04804EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2017/05/08 12:0 a.m.3 views

PT-2017-3949

Name of the Vulnerable Software and Affected Versions Ansible versions 2.3.1.0 and 2.4.0.0 and earlier Description The issue is related to insufficient input validation in Ansible. An attacker could exploit this by controlling the results of lookup calls, injecting Unicode strings to be parsed by...

9.8CVSS7.7AI score0.04804EPSS
Exploits0References116
OSV
OSV
added 2016/08/23 3:49 p.m.10 views

SUSE-SU-2016:2143-1 Security update for several openstack-components

This update provides the latest code from OpenStack Liberty for openstack-ceilometer, -cinder, -dashboard, -glance, -heat, -keystone, -manila, -neutron, -neutron-fwaas, -neutron-lbaas,-nova, -resource-agents, python-networking-cisco and python-openstackclient. Additionally some security-issues ha...

8.2CVSS5.8AI score0.03411EPSS
Exploits0References11
Kitploit
Kitploit
added 2016/08/05 2:4 a.m.195 views

tplmap - Automatic Server-Side Template Injection Detection and Exploitation Tool

Tplmap short for Template Mapper is a tool that automate the process of detecting and exploiting Server-Side Template Injection vulnerabilities SSTI. This can be used by developers, penetration testers, and security researchers to detect and exploit vulnerabilities related to the template injecti...

9.7AI score
Exploits0References1
Fedora
Fedora
added 2015/12/28 11:58 p.m.9 views

[SECURITY] Fedora 22 Update: nodejs-handlebars-4.0.5-1.fc22

Handlebars.js is an extension to the Mustache templating language created by Chris Wanstrath. Handlebars.js and Mustache are both logicless templating languages that keep the view and the code separated like we all know they s hould be...

1.4AI score
Exploits0
Fedora
Fedora
added 2015/12/28 11:5 p.m.14 views

[SECURITY] Fedora 23 Update: nodejs-handlebars-4.0.5-1.fc23

Handlebars.js is an extension to the Mustache templating language created by Chris Wanstrath. Handlebars.js and Mustache are both logicless templating languages that keep the view and the code separated like we all know they s hould be...

1.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/08/27 12:0 a.m.21 views

Debian DSA-3343-1 : twig - security update

James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates...

6.8CVSS5.8AI score0.03398EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2015/06/23 12:0 a.m.83 views

SOL16794 - CUPS vulnerabilities CVE-2015-1158 / CVE-2015-1159

CVE-2015-1158 A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded, which in...

10CVSS5.9AI score0.29913EPSS
Exploits9References6
Cent OS
Cent OS
added 2015/06/18 11:29 a.m.419 views

cups security update

CentOS Errata and Security Advisory CESA-2015:1123 Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

10CVSS6.9AI score0.29913EPSS
Exploits9References7
RedHat Linux
RedHat Linux
added 2015/06/17 9:5 p.m.5 views

cups: cross-site scripting flaw in CUPS web UI (VU#810572)

A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface...

4.3CVSS7AI score0.07297EPSS
Exploits5References4
OSV
OSV
added 2015/06/10 12:52 p.m.10 views

USN-2629-1 cups vulnerabilities

It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. CVE-2015-1158 It was discovered that the CUPS templating...

10CVSS6.8AI score0.29913EPSS
Exploits9References3
Zero Day Initiative
Zero Day Initiative
added 2014/08/27 12:0 a.m.32 views

CSWorks Software Framework SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CSWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the data source templating. CSWorks does not properly sanitize or validate the data used to...

7.5CVSS8.1AI score0.02505EPSS
Exploits0References1
Fedora
Fedora
added 2014/07/28 3:24 a.m.56 views

[SECURITY] Fedora 19 Update: cobbler-2.6.3-1.fc19

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing...

4CVSS2.7AI score0.08809EPSS
Exploits2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

ZPanel templateparser.class.php - Crafted Template Remote Command Execution

No description provided by source. Hi all, There's an arbitrary PHP code execution in ZPanel, a free and open-source shared hosting control panel. Using the included zsudo binary, access can be escalated and commands can be run as root. The vulnerability: ZPanel uses a poor templater system that...

7.1AI score
Exploits0
Snyk
Snyk
added 2014/06/07 9:0 p.m.3 views

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. $parse allowed arbitrary code execution via Angular expressions under some very specific conditions. The only applications affected by these vulnerabilities are those that match all of the following conditions:...

3.7CVSS7.5AI score
Exploits0References2
Rows per page
Query Builder