Page 75 of 8785 results (0.151 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/dimension/apsb24-47.html • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. ... This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added. The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. ... This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added. • https://github.com/nastar-id/CVE-2024-7094 https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/includes/css/style.php https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/includes/formhandler.php https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/controller.php https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/model.php https://plugins.trac.wordpress.org/browser/js-s • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting  --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges. A flaw was found in the Fence Agents Remediation operator. • https://access.redhat.com/security/cve/CVE-2024-5651 https://bugzilla.redhat.com/show_bug.cgi?id=2290540 https://access.redhat.com/errata/RHSA-2024:5453 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenicated Attackers can send malicious packet to execute arbitary commands. In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. • https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setUPnPCfg/setUPnPCfg.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server). • https://github.com/Fckroun/CVE-2024-41651 https://github.com/Fckroun/CVE-2024-41651/tree/main • CWE-94: Improper Control of Generation of Code ('Code Injection') •