Fedora: Security Advisory (FEDORA-2026-bfeb46516b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 43 : php-phpseclib (2026-d1feefa819)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d1feefa819 advisory. Update to v2.0.52 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

PT-2026-26464

Name of the Vulnerable Software and Affected Versions phpseclib versions 1.0.26 and below phpseclib versions 2.0.0 through 2.0.51 phpseclib versions 3.0.0 through 3.0.49 Description phpseclib is a PHP secure communications library. Projects utilizing the affected versions are susceptible to a...

EUVD-2025-27822

Malicious code in bioql PyPI...

Yii Framework < 2.0.52 Unsafe Reflection Regression (GHSA-ggwg-cmwp-46r5)

The version of Yii Framework installed on the remote host is prior to 2.0.52. It is, therefore, affected by an unsafe reflection vulnerability. - Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in...

CVE-2025-32289

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Yozi yozi allows PHP Local File Inclusion.This issue affects Yozi: from n/a through = 2.0.63...

CVE-2025-32289

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Yozi yozi allows PHP Local File Inclusion.This issue affects Yozi: from n/a through = 2.0.63...

CVE-2023-26256

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system...

CVE-2019-14947

The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade...

Yii 安全漏洞

Yii is a component-based, high-performance PHP framework for developing large-scale web applications developed by the YII team. A security vulnerability exists in Yii 2 versions prior to 2.0.52, which stems from improper handling of behavior attachments...

PT-2025-15893

Name of the Vulnerable Software and Affected Versions Yii 2 versions prior to 2.0.52 Description The issue arises from the mishandling of behavior attachment, specifically when behaviors are defined by a class array key. This has been exploited in the wild, with approximately 13,000 vulnerable...

Jira plugin STAGIL Navigation 路径遍历漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is mainly used to track and manage all kinds of issues and defects in the workplace. A security vulnerability exists in Jira plugin STAGIL Navigation prior to version 2.0.52, which stems from the presence o...

PT-2023-20565 · Unknown · Stagil Navigation For Jira - Menu & Themes

Name of the Vulnerable Software and Affected Versions: STAGIL Navigation for Jira - Menu & Themes plugin versions prior to 2.0.52 for Jira Description: An unauthenticated path traversal issue affects the plugin. By modifying the fileName parameter to the "snjCustomDesignConfig" endpoint, it is...

Jira plugin STAGIL Navigation 路径遍历漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is mainly used to track and manage all kinds of issues and defects in the workplace. A security vulnerability exists in Jira plugin STAGIL Navigation prior to version 2.0.52, which stems from the presence o...

CVE-2005-1344

Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is...

Apache <= 2.0.52 HTTP GET request Denial of Service Exploit

No description provided by source. !/usr/bin/perl Based on - apache-squ1rt.c exploit. Original credit goes to Chintan Trivedi on the FullDisclosure mailing list: http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html More info - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942...

Apache 2.0.52 Multiple Space Header DoS (Perl code)

No description provided by source. !/usr/bin/perl Noam Rathaus of Beyond Security Ltd. use strict; use IO::Socket::INET; usage unless @ARGV == 2; my $host = shift@ARGV; my $port = shift@ARGV; my $socket = IO::Socket::INET-newproto='tcp', PeerAddr=$host, PeerPort=$port;...

Apache 2.0.52 Multiple Space Header DoS (c code)

No description provided by source. /// Apache 2.0.52 and earlier DoS - Chintan Trivedi [email protected] include "stdafx.h" include "winsock.h" include "string.h" include "stdio.h" include "windows.h" pragma commentlib,"ws232" DWORD WINAPI attackLPVOID; char target256;...

mod_ssl SSLCipherSuite bypass

The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...

Apache 2.0.52 Multiple Space Header DoS

No description provided by source. !/usr/bin/perl Noam Rathaus of Beyond Security Ltd. use strict; use IO::Socket::INET; usage unless @ARGV == 2; my $host = shift@ARGV; my $port = shift@ARGV; my $socket = IO::Socket::INET-newproto='tcp', PeerAddr=$host, PeerPort=$port; ...