code injection vulnerabilities and exploits

(subscribe to this query)

7.2

CVSSv3

The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site...

Ad Injection Project Ad Injection

9.8

CVSSv3

SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php....

Ifsc Code Finder Project Ifsc Code Finder 1.02 Github repositories available

9.8

CVSSv3

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements...

Oturia Smart Google Code Inserter1 EDB exploit available5 Github repositories available

8.8

CVSSv3

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects...

Debian Debian Linux 8.0 Debian Debian Linux 9.0 Redhat Enterprise Linux Server Eus 7.5 Redhat Enterprise Linux Server Aus 7.3 Redhat Enterprise Linux Server Eus 7.3 Redhat Enterprise Linux Server Eus 7.4 Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Workstation 6.0 Redhat Enterprise Linux Server Aus 7.4 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux 6.0 Redhat Enterprise Linux 7.0 Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Server 7.0 Mozilla Firefox Mozilla Firefox Esr

6.1

CVSSv3

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection...

Ejs Ejs1 Github repository available

9.8

CVSSv3

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user....

Cobbler Project Cobbler

6.1

CVSSv3

Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This...

Mozilla Firefox

7.5

CVSSv3

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of...

Python Pyxdg

8.1

CVSSv3

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method....

Ruby-lang Ruby Debian Debian Linux 8.0 Debian Debian Linux 9.0 Opensuse Leap 15.1 Oracle Graalvm 19.3.0.21 Github repository available

8.8

CVSSv3

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file....

Wireshark Wireshark Oracle Zfs Storage Appliance 8.8 Debian Debian Linux 9.01 Github repository available

Get Started

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook