CVE-2018-3988

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system...

CVE-2018-3988

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system...

CVE-2018-3988

Signal Messenger for Android 4.24.8 is affected by an information-disclosure vulnerability when using the “disappearing messages” feature and the photo option in the Attach File menu. The issue arises because Signal stores the photo in its own cache directory, which can be accessed by other appli...

PT-2018-16356 · Signal · Signal Messenger For Android

Name of the Vulnerable Software and Affected Versions: Signal Messenger for Android version 4.24.8 Description: The issue may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-3793-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3793-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a...

SeedDMS System Command Injection Vulnerability

SeedDMS formerly known as LetoDMS and MyDMS is SeedDMS enthusiasts jointly developed a set of PHP and MySql-based open source document management system . The system is mainly used to store and share documents. A system command injection vulnerability exists in SeedDMS versions prior to 5.1.8. An...

CVE-2018-12941

This vulnerability allows remote attackers to execute arbitrary code in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to th...

CVE-2018-12941

This vulnerability allows remote attackers to execute arbitrary code in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to th...

CVE-2018-12941

This vulnerability allows remote attackers to execute arbitrary code in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to th...

CVE-2017-5397

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...

CVE-2017-5397

The CVE-2017-5397 issue affects Mozilla Firefox, specifically versions earlier than 51.0.3. The root cause is a world-writable cache directory on the local filesystem, which Firefox uses to extract libraries. This configuration allows a local attacker with write access (e.g., a malicious installe...

CVE-2017-5397

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...

CVE-2017-5397

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...

Security vulnerabilities fixed in Firefox 51.0.3 — Mozilla

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...

UBUNTU-CVE-2015-5723

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local...

The use of PHP 7 is due to the OPcache execute PHP code-bug warning-the black bar safety net

from:http://blog. gosecure. ca/2 0 1 6/0 4/2 7/binary-webshell-through-opcache-in-php-7/ In the PHP 7.0 release at the beginning, there are a lot of PHP developers for its performance improvement is very attention. In the introduction of OPcache, PHP performance has been greatly improved, many...

douphp /cache 目录物理路径泄漏

漏洞分析 漏洞文件 cache目录下的所有文件 如：admin/backup.htm.php php tplvars'lang''home'; ?//会引起报错 2. 漏洞利用 直接访问 http://www.douco.com/cache/admin/backup.htm.php 然后查看网页源码，泄漏物理路径 3. 漏洞修复 关闭错误信息显示...

PHP 5.6.x < 5.6.8 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

PHP 5.6.x < 5.6.8 Multiple Vulnerabilities - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

PHP 5.4.x < 5.4.40 / 5.5.x < 5.5.24 / 5.6.x < 5.6.8 'php_sdl.c' WSDL Injection

Binary data 8789.prm...