injection vulnerabilities and exploits

(subscribe to this query)

6.8

CVSSv2

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection....

Yaws Yaws

6.8

CVSSv2

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled....

Sqlalchemy Sqlalchemy 1.2.17 Debian Debian Linux 8.0 Debian Debian Linux 9.0 Opensuse Backports Sle 15.0 Opensuse Leap 15.0 Opensuse Leap 15.1 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux Eus 8.1 Redhat Enterprise Linux Eus 8.2 Redhat Enterprise Linux Eus 8.4 Redhat Enterprise Linux Server Aus 8.2 Redhat Enterprise Linux Server Aus 8.4 Redhat Enterprise Linux Server Tus 8.2 Redhat Enterprise Linux Server Tus 8.4 Oracle Communications Operations Monitor 4.2 Oracle Communications Operations Monitor 4.3

6.8

CVSSv2

Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example,...

Google Chrome

4.3

CVSSv2

Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This...

Mozilla Firefox

7.5

CVSSv2

** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION...

Pocoo Jinja2 2.101 EDB exploit available1 Github repository available

6.8

CVSSv2

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects...

Debian Debian Linux 8.0 Debian Debian Linux 9.0 Redhat Enterprise Linux Server Eus 7.5 Redhat Enterprise Linux Server Aus 7.3 Redhat Enterprise Linux Server Eus 7.3 Redhat Enterprise Linux Server Eus 7.4 Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Workstation 6.0 Redhat Enterprise Linux Server Aus 7.4 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux 6.0 Redhat Enterprise Linux 7.0 Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Server 7.0 Mozilla Firefox Mozilla Firefox Esr

6.5

CVSSv2

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was...

Djangoproject Django Debian Debian Linux 9.0 Debian Debian Linux 10.0 Fedoraproject Fedora 328 Github repositories available

9

CVSSv2

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command....

Exim Exim1 Article available

5

CVSSv2

Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file....

Wireshark Wireshark 3.4.0 Fedoraproject Fedora 32 Fedoraproject Fedora 33

5.8

CVSSv2

Autobahn|Python before 20.12.3 allows redirect header injection....

Crossbar Autobahn

Get Started

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook