
14 matches found

RedhatCVE
added 2025/05/22 4:34 p.m. · 5 views

CVE-2020-26229

TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the...

3.7 CVSS · 6.9 AI score · 0.0027 EPSS
Exploits 0
OSV
added 2024/03/06 11:11 a.m. · 18 views

BIT-TYPO3-2020-26229

TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the...

3.7 CVSS · 4 AI score · 0.0027 EPSS
Exploits 0 · References 2
Github Security Blog
added 2020/11/23 9:18 p.m. · 56 views

XML External Entity in Dashboard Widget

Problem It has been discovered that RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At leas...

3.7 CVSS · 2.6 AI score · 0.0027 EPSS
Exploits 0 · References 6 · Affected Software 2
Prion
added 2020/11/23 9:15 p.m. · 11 views

SQL injection

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in...

5 CVSS · 8 AI score · 0.00177 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2020/11/23 12:0 a.m. · 1 views

PT-2020-16357 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 9.5.23 TYPO3 versions prior to 10.4.10 Description: The issue concerns user session identifiers being stored in cleartext without additional cryptographic hashing algorithms. This cannot be exploited directly and occur...

8.1 CVSS · 7.8 AI score · 0.00177 EPSS
Exploits 0 · References 11
Positive Technologies
added 2020/11/23 12:0 a.m. · 1 views

PT-2020-16356 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 9.5.23 TYPO3 versions prior to 10.4.10 Description: The system extension Fluid of the TYPO3 core is vulnerable to cross-site scripting when passing user-controlled data as an argument to Fluid view helpers. This issue...

6.1 CVSS · 5.8 AI score · 0.00359 EPSS
Exploits 1 · References 11
Positive Technologies
added 2020/11/23 12:0 a.m. · 1 views

PT-2020-16358 · Xmlsoft +1 · Libxml2 +1

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 10.4.0 through 10.4.9 Description: The issue concerns XML external entity processing in RSS widgets, which is reasonable but theoretical, as it could not be reproduced with current PHP versions of supported and maintained syste...

3.7 CVSS · 3.9 AI score · 0.0027 EPSS
Exploits 0 · References 10
seebug.org
added 2009/03/24 12:0 a.m. · 11 views

Mac OS X xnu <= 1228.x (hfs-fcntl) Local Kernel Root Exploit

No description provided by source. !/bin/bash xnu-hfs-fcntl-v2.sh Copyright c 2008 by [email protected] Apple MACOS X 792.0 = xnu = 1228.x local kernel root exploit by mu-b - Sat 14 June 2008 - Tested on: Apple MACOS X 10.4.8 xnu-792.14.14.obj1/RELEASEI386 Apple MACOS X 10.4.9...

7.1 AI score
Exploits 0
seebug.org
added 2008/01/06 12:0 a.m. · 140 views

Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities

CVE-2007-4708 CVE-2007-4709 CVE-2007-4710 CVE-2007-5847 CVE-2007-5848 CVE-2007-5849 CVE-2007-5850 CVE-2007-5851 CVE-2007-5853 CVE-2007-5854 CVE-2007-5855 CVE-2007-5856 CVE-2007-5857 CVE-2007-5859 CVE-2007-5876 CVE-2007-5860 CVE-2007-5861 These issues affect Mac OS X and various applications,...

9.4 CVSS · 0.2 AI score · 0.3458 EPSS
Exploits 2
seebug.org
added 2007/11/17 12:0 a.m. · 77 views

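Apple CFNetwork HTTP Null Pointer Dereference Denial of Service Vulnerability

BUGTRAQ ID: 22249 CVE(CAN) ID: CVE-2007-0464 Apple Mac OS X is the operating system used by Apple's family of machines. CFNetwork in Mac OS X has a vulnerability when handling malformed response data; a remote attacker could exploit it to crash the client. CFNetwork is a Core Services framework that provides the function libraries needed to unpack network protocols. CFNetwork in Mac OS X does not correctly handle certain HTTP responses, and the CFNetConnectionWillEnqueueRequests function may dereference a null pointer. If a server sends a specially crafted response to a client that uses this API, the vulnerability can be triggered, resulting in a denial of service...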

5 CVSS · 6.4 AI score · 0.50083 EPSS
Exploits 3
Prion
added 2007/08/03 10:17 a.m. · 21 views

Heap overflow

Heap-based buffer overflow in the UPnP IGD Internet Gateway Device Standardized Device Control Protocol implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet...

5.8 CVSS · 7.8 AI score · 0.06552 EPSS
Exploits 2 · References 8 · Affected Software 2
NVD
added 2007/08/03 10:17 a.m. · 12 views

CVE-2007-3744

Heap-based buffer overflow in the UPnP IGD Internet Gateway Device Standardized Device Control Protocol implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet...

5.8 CVSS · 7.5 AI score · 0.06552 EPSS
Exploits 2 · References 8
Prion
added 2007/08/03 10:17 a.m. · 9 views

Integer overflow

Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file...

6.8 CVSS · 7.4 AI score · 0.01214 EPSS
Exploits 1 · References 6
CVE
added 2007/08/03 10:0 a.m. · 46 views

CVE-2007-2405

CVE-2007-2405 describes an integer underflow in Preview (PDFKit) on Mac OS X 10.4.10 that can be triggered by a crafted PDF file to achieve remote code execution. The affected component is Preview/PDFKit in Mac OS X’s PDF handling. The CVSS metrics indicate network access, no authentication, and ...

6.8 CVSS · 7.2 AI score · 0.01214 EPSS
Exploits 1 · References 6 · Affected Software 1