1496 matches found
PYSEC-2022-43168
The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
CVE-2022-34053
The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
CVE-2022-33003
The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
CVE-2022-32156
creationtimestamp | type | source
---|---|---
2022-06-15 20:20:34+00:00 | seen | https://t.me/cibsecurity/44546...
PYSEC-2022-43071
api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package...
CVE-2022-30808
elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manageuploads.php...
GHSA-X38J-4RR5-HQRJ git-big-picture Code Execution
git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution...
CVE-2021-42643
cmseasy V7.7.520211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability...
phpMyAdmin Code Injection vulnerability
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...
MantisBT XSS via my_view_page.php and view_user_page.php
A cross-site scripting (XSS) vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use o...
CVE-2022-28828 Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Code Execution Vulnerability
Adobe Framemaker versions 2029u8 and earlier and 2020u4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious fi...
Code injection
ftcms =2.1 was discovered to be vulnerable to code execution attacks...
CVE-2022-29423
creationtimestamp | type | source
---|---|---
2022-05-06 22:23:08+00:00 | seen | https://t.me/cibsecurity/42144...
CVE-2022-21214 ICSA-22-090-03 Fuji Electric Alpha5
The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution...
CVE-2022-20001 Injection in fish
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing...
CVE-2021-23180
A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(), in file.c, may lead to arbitrary code execution and denial of service...
PT-2021-23581 · Unknown · 4Mosan Gcb Doctor
Name of the Vulnerable Software and Affected Versions: 4MOSAn GCB Doctor (affected versions not specified). Description: The issue is related to improper validation of Cookie on the login page, allowing an unauthenticated remote attacker to bypass authentication by code injection in the cookie. This...
PT-2021-10336 · Vaethink · Vaethink
Name of the Vulnerable Software and Affected Versions: vaeThink version 1.0.1. Description: A vulnerability in the vae admin rule database table allows attackers to execute arbitrary code via a crafted payload in the condition parameter. Recommendations: For vaeThink version 1.0.1, consider...
Debian DLA-2727-1 : pyxdg - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2727 advisory. It was discovered that there was a code injection issue in PyXDG, a library used to locate freedesktop.org configuration/cache/etc. directories. CVE-2019-12761 A code...