2183 matches found

Github Security Blog
added 2022/07/26 12:1 a.m. | 31 views

sonar-wrapper Command Injection vulnerability

A command injection vulnerability affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js...

9.8 CVSS | 9.4 AI score | 0.0109 EPSS
Exploits 1 | References 4 | Affected Software 1
OSV
added 2022/07/26 12:1 a.m. | 19 views

GHSA-WR4V-3F2H-6HHH sonar-wrapper Command Injection vulnerability

A command injection vulnerability affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js...

9.8 CVSS | 9.8 AI score | 0.0109 EPSS
Exploits 1 | References 4
Cvelist
added 2022/07/25 2:5 p.m. | 22 views

CVE-2020-28443 Command Injection

This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js...

9.8 CVSS | 9.7 AI score | 0.0109 EPSS
Exploits 1 | References 1
CVE
added 2022/07/25 2:5 p.m. | 53 views

CVE-2020-28443

CVE-2020-28443 affects all versions of the Node package sonar-wrapper, with the injection point in lib/sonarRunner.js. The vulnerability is a Command Injection flaw, allowing crafted input to be injected into system commands (high impact: CVSS 3.1 base score 9.8). Connected sources confirm the vu...

9.8 CVSS | 9.7 AI score | 0.0109 EPSS
Exploits 1 | References 1 | Affected Software 1
CNNVD
added 2022/07/25 12:0 a.m. | 3 views

ffmpeg-sdk command injection vulnerability

ffmpeg-sdk is a ffmpeg wrapper for nodejs by the individual developer Shajan Jacob in India. A security vulnerability exists in ffmpeg-sdk, which stems from the vulnerability of index.js to command injection attacks...

9.8 CVSS | 8.3 AI score | 0.0109 EPSS
Exploits 1 | References 2
CNNVD
added 2022/07/25 12:0 a.m. | 2 views

sonar-wrapper command injection vulnerability

sonar-wrapper is a package by individual developer loic rondel that wraps SonarQube Scanner as a node module. A security vulnerability exists in sonar-wrapper, which stems from a command injection point in sonarRunner.js...

9.8 CVSS | 8.3 AI score | 0.0109 EPSS
Exploits 1 | References 2
NVD
added 2022/07/18 5:15 p.m. | 36 views

CVE-2022-2444

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...

8.8 CVSS | 0.01762 EPSS
Exploits 0 | References 6
ATTACKERKB
added 2022/07/18 5:15 p.m. | 18 views

CVE-2022-2444

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...

8.8 CVSS | 6 AI score | 0.01762 EPSS
Exploits 0 | References 7
ATTACKERKB
added 2022/07/18 5:15 p.m. | 2 views

CVE-2022-2437

The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'ftsurl' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will...

9.8 CVSS | 6 AI score | 0.0134 EPSS
Exploits 0 | References 4
Prion
added 2022/07/18 5:15 p.m. | 16 views

Deserialization of untrusted data

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...

6.5 CVSS | 8.4 AI score | 0.01762 EPSS
Exploits 0 | References 6 | Affected Software 1
Prion
added 2022/07/18 5:15 p.m. | 13 views

Deserialization of untrusted data

The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'ftsurl' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will...

7.5 CVSS | 9.4 AI score | 0.0134 EPSS
Exploits 0 | References 3 | Affected Software 1
CVE
added 2022/07/18 4:13 p.m. | 80 views

CVE-2022-2437

CVE-2022-2437 affects the WordPress plugin Feed Them Social (versions up to and including 2.9.8.5). The vulnerability is described as deserialization of untrusted input through the fts_url parameter, enabling an unauthenticated attacker to trigger a PHAR wrapper to deserialize data and invoke arb...

9.8 CVSS | 9.4 AI score | 0.0134 EPSS
Exploits 0 | References 3 | Affected Software 1
CVE
added 2022/07/18 4:13 p.m. | 64 views

CVE-2022-2444

The CVE-2022-2444 issue affects the WordPress plugin Visualizer (Tables and Charts Manager) up to version 3.7.9. It hinges on deserialization of untrusted input via the remote_data parameter, allowing authenticated attackers with contributor privileges to upload a payload that can be executed thr...

8.8 CVSS | 8.5 AI score | 0.01762 EPSS
Exploits 0 | References 6 | Affected Software 1
Vulnrichment
added 2022/07/18 4:13 p.m. | 7 views

CVE-2022-2444 Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...

8.8 CVSS | 7.4 AI score | 0.01762 EPSS
Exploits 0 | References 6
Positive Technologies
added 2022/07/18 12:0 a.m. | 22 views

PT-2022-16697 · WordPress · The Visualizer: Tables/Charts Manager For Wordpress

Name of the Vulnerable Software and Affected Versions: The Visualizer: Tables and Charts Manager for WordPress versions up to, and including 3.7.9 Description: The issue concerns deserialization of untrusted input via the remote data parameter. This allows authenticated attackers with contributor...

8.8 CVSS | 8.6 AI score | 0.01762 EPSS
Exploits 0 | References 11
CNNVD
added 2022/07/18 12:0 a.m. | 1 views

WordPress plugin Feed Them Social code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Feed Them...

9.8 CVSS | 8.6 AI score | 0.0134 EPSS
Exploits 0 | References 4
Positive Technologies
added 2022/07/18 12:0 a.m. | 6 views

PT-2022-16649 · WordPress · Feed Them Social

Name of the Vulnerable Software and Affected Versions: Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress versions up to, and including 2.9.8.5 Description: The issue allows deserialization of untrusted input via the fts url parameter. This enables unauthenticated attacker...

9.8 CVSS | 9.6 AI score | 0.0134 EPSS
Exploits 0 | References 8
WPVulnDB
added 2022/07/05 12:0 a.m. | 23 views

Visualizer: Tables and Charts Manager for WordPress < 3.7.10 - Contributor+ PHAR Deserialization

The plugin does not validate the ‘remotedata’ parameter allowing contributor and above roles to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP objects when a POP chain is present...

3.8 CVSS | 3.4 AI score | 0.0055 EPSS
Exploits 0 | Affected Software 1
Snyk
added 2022/06/23 9:25 a.m. | 4 views

Malicious Package

Overview: react-swipeable-wrapper-example is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable i...

9.8 CVSS | 7 AI score
Exploits 0 | References 3
OSSF Malicious Packages
added 2022/06/20 8:23 p.m. | 3 views

Malicious code in editor-with-wrapper-no-modal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51686c2414d61dee9e94ea84369aa9e2aac2ae6984737e6007c2566b8a9ff569 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1