Search
Total
14 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38316 | 1 Opennds | 1 Captive Portal | 2023-11-23 | N/A | 9.8 CRITICAL |
| An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. | |||||
| CVE-2022-26174 | 1 Beekeeperstudio | 1 Beekeeper-studio | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. | |||||
| CVE-2021-42010 | 1 Apache | 1 Heron | 2023-08-08 | N/A | 9.8 CRITICAL |
| Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue. | |||||
| CVE-2022-42948 | 1 Helpsystems | 1 Cobalt Strike | 2023-08-08 | N/A | 9.8 CRITICAL |
| Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI. | |||||
| CVE-2022-35153 | 1 Fusionpbx | 1 Fusionpbx | 2023-08-08 | N/A | 9.8 CRITICAL |
| FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | |||||
| CVE-2023-35941 | 1 Envoyproxy | 1 Envoy | 2023-08-02 | N/A | 9.8 CRITICAL |
| Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration. | |||||
| CVE-2021-44042 | 1 Uipath | 1 Assistant | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content does not match an existing process). A determined attacker could leverage this to execute JavaScript in the context of the Electron application. | |||||
| CVE-2022-25235 | 4 Debian, Fedoraproject, Libexpat Project and 1 more | 5 Debian Linux, Fedora, Libexpat and 2 more | 2022-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | |||||
| CVE-2021-33672 | 1 Sap | 1 Contact Center | 2021-09-24 | 9.3 HIGH | 9.6 CRITICAL |
| Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the attacker can further execute operating system level commands in the chat recipient's scope. This could lead to a complete compromise of their confidentiality, integrity, and could temporarily impact their availability. | |||||
| CVE-2021-28940 | 1 Magpierss Project | 1 Magpierss | 2021-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands. | |||||
| CVE-2019-11325 | 1 Sensiolabs | 1 Symfony | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter. | |||||
| CVE-2018-15494 | 2 Debian, Dojotoolkit | 2 Debian Linux, Dojo | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. | |||||
| CVE-2017-8303 | 1 Accellion | 1 File Transfer Appliance | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter. | |||||
| CVE-2018-9246 | 2 Ledgersmb, Pgobject-util-dbadmin Project | 2 Ledgersmb, Pgobject-util-dbadmin | 2018-08-01 | 7.5 HIGH | 9.8 CRITICAL |
| The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application. | |||||