CVE-2020-25803 – Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects.
https://notcve.org/view.php?id=CVE-2020-25803
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.
• https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080102
• CWE-913: Improper Control of Dynamically-Managed Code Resources
CVE-2020-25802 – Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting.
https://notcve.org/view.php?id=CVE-2020-25802
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.
• https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080101
• CWE-913: Improper Control of Dynamically-Managed Code Resources
CVE-2018-7472
https://notcve.org/view.php?id=CVE-2018-7472
INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations.
• http://www.cnvd.org.cn/flaw/show/1205913
CVE-2011-4315
https://notcve.org/view.php?id=CVE-2011-4315
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
• http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html http://openwall.com/lists/oss-security/2011/11/17/10 http://openwall.com/lists/oss-security/2011/11/17/8 http://secunia.com/advisories/47097 http://secunia.com/advisories/48577 http://security.gentoo.org/glsa/glsa-201203-22.xml http://trac.nginx.org/nginx/changeset/4268/nginx http://www.nginx.org/en/CHANGES-1.0
• CWE-787: Out-of-bounds Write
CVE-2010-2427
https://notcve.org/view.php?id=CVE-2010-2427
VMware Studio 2.0 does not properly write to temporary files, which allows local users to gain privileges via unspecified vectors.
• http://lists.vmware.com/pipermail/security-announce/2010/000101.html http://secunia.com/advisories/40507 http://securitytracker.com/id?1024187 http://www.securityfocus.com/archive/1/512311/100/0/threaded http://www.securityfocus.com/bid/41568 http://www.vupen.com/english/advisories/2010/1791 http://www.wmware.com/security/advisories/VMSA-2010-0011.html https://exchange.xforce.ibmcloud.com/vulnerabilities/60351
• CWE-264: Permissions, Privileges, and Access Controls