PYSEC-2022-43177
Azure CLI is the command-line interface for Microsoft Azure. In versions prior to 2.40.0, Azure CLI contains a potential code injection vulnerability. Critical scenarios are those where a hosting machine runs an Azure CLI command whose parameter values have been provided by an external source. T...
CVE-2022-41539
Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/usersadd.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-25042 · Unknown · Libagifencoder.Quram.So
Name of the Vulnerable Software and Affected Versions: libagifencoder.quram.so library prior to SMR Oct-2022 Release 1. Description: A heap-based overflow vulnerability in the makeContactAGIF function of the libagifencoder.quram.so library allows an attacker to execute code...
PT-2022-25193 · Unknown · Simple College Website
Name of the Vulnerable Software and Affected Versions: Simple College Website version 1.0. Description: The issue allows attackers to execute arbitrary code via a crafted PHP file, leveraging an arbitrary file write vulnerability. This is achieved through the file_put_contents function...
PT-2022-19247 · Zapier · Code By Zapier
Name of the Vulnerable Software and Affected Versions: Code by Zapier versions prior to 2022-08-17 Description: The issue allowed intra-account privilege escalation, including the execution of Python or JavaScript code, effectively providing a customer-controlled general-purpose virtual machine...
CVE-2022-35699 Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Adobe Bridge version 12.0.2 and earlier and 11.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2022-37387 · Pypi · D8S-Xml +1
Name of the Vulnerable Software and Affected Versions: d8s-xml version 0.1.0. Description: The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. Recommendations: For version 0.1.0, avo...
PT-2022-37383 · Pypi · D8S-Json +1
Name of the Vulnerable Software and Affected Versions: d8s-json version 0.1.0 Description: The d8s-json package for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-strings package, which was inserted by a third party. Recommendations: For version...
PT-2022-37364 · Pypi · D8S-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-strings version 0.1.0 Description: The d8s-strings package for Python, distributed on PyPI, contains a potential code-execution backdoor. This backdoor is attributed to the democritus-hypothesis package, which was inserted by a third part...
PT-2022-25377 · Unknown +1 · Democritus-Networking +1
Name of the Vulnerable Software and Affected Versions: d8s-mpeg version 0.1.0. Description: The d8s-mpeg package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. Recommendations: For version 0.1.0...
PT-2022-24610 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-netstrings version 0.1.0. Description: The d8s-netstrings package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. Recommendations: For...
Microsoft Office Visio Remote Code Execution Vulnerability
...
CVE-2022-35673
Adobe FrameMaker is affected by CVE-2022-35673 (and related issues): an out-of-bounds read during parsing of crafted files, potentially enabling code execution in the context of the current user. Affected are FrameMaker 2019 Update 8 and earlier and 2020 Update 4 and earlier. The vulnerability requires user inte...
CVE-2022-36325
Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS...
PT-2022-22205 · Unknown +3 · Global-Workqueue +4
Name of the Vulnerable Software and Affected Versions: WMAgent versions 1.3.3rc1 through 1.3.3rc2; reqmgr2 versions 1.4.0rc2 through 1.4.1rc5; reqmon version 1.4.1rc5; global-workqueue version 1.4.1rc5. Description: The issue allows attackers to execute arbitrary code via a crafted dbs-client package...
PT-2022-21764
Name of the Vulnerable Software and Affected Versions: ICONICS GENESIS64 versions 10.97.1 and prior; Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior. Description: The issue allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a monitori...
CVE-2022-35225
| creationtimestamp | type | source |
|---|---|---|
| 2022-07-13 00:25:50+00:00 | seen | https://t.me/cibsecurity/46105... |
Test
Lines of code. Vulnerability details. Impact: Detailed description of the impact of this finding. Proof of Concept: Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used. Recommended Mitigation Steps. --- The...
Design/Logic Flaw
The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
PYSEC-2022-43168
The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...