14 matches found
CVE-2025-15247
creationtimestamp | type | source
---|---|---
2026-01-12 15:02:17+00:00 | seen | Telegram/y0eQAbUKuWo3WgNQ26iaWbPj3ea5ybOv03pwHsLfPooVzvs...
CVE-2025-15247 gmg137 snap7-rs client.rs download heap-based overflow
A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424. Affected by this issue is the function snap7rs::client::S7Client::download of the file client.rs. Such manipulation leads to heap-based buffer overflow. The attack can be executed remotely. The explo...
CVE-2025-15247 gmg137 snap7-rs client.rs download heap-based overflow
A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424. Affected by this issue is the function snap7rs::client::S7Client::download of the file client.rs. Such manipulation leads to heap-based buffer overflow. The attack can be executed remotely. The explo...
CVE-2019-15247
creationtimestamp | type | source
---|---|---
2024-01-16 08:01:39+00:00 | seen | https://t.me/ctinow/168665...
CVE-2021-21264
CVE-2021-21264 affects October CMS (Laravel-based) and describes a Twig sandbox bypass where an authenticated backend user with cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions can write PHP code despite cms.enableSafeMode being enabled. The vulnerability mirrors the impac...
Sandbox Escape
October is vulnerable to arbitrary code execution. An authenticated backend user with cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions is allowed to write malicious Twig code leading to an escape from sandbox even if cms.enableSafeMode is set. This vulnerability is a bypass o...
CVE-2020-15247
creationtimestamp | type | source
---|---|---
2020-11-23 22:46:01+00:00 | seen | https://t.me/cibsecurity/16732
2020-11-24 00:46:18+00:00 | seen | https://t.me/cibsecurity/16758...
Design/Logic Flaw
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.manage_pages, cms.manage_layouts, or...
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Impact: A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247: An authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be execut...
GHSA-R89V-CGV7-3JHX Bypass of fix for CVE-2020-15247, Twig sandbox escape
Impact: A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247: An authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be execut...
CVE-2020-15247
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be...
CVE-2020-15247
Technical details about CVE-2020-15247 are not publicly provided in the connected documents. The available sources mention related CVEs and patches for October CMS, but no explicit technical specifics are included here. Monitor for updates.
CVE-2019-15247
Cisco SPA100 Series ATAs are affected by CVE-2019-15247 due to improper validation of input to the device’s web-based management interface. An authenticated, adjacent attacker could craft requests to the affected device and execute arbitrary code with elevated privileges, with the management inte...
CVE-2017-15247
Summary (supported): CVE-2017-15247 affects IrfanView 4.44 (32‑bit) with PDF plugin 4.43. A crafted PDF can trigger a buffer overflow in the PDF handling path, potentially causing a denial of service or other unspecified impact. Related CNVD/CNVD-like entries corroborate buffer overflow/DoS vecto...