265 matches found
CVE-2017-1000053
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session...
CVE-2017-1000052
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions...
SQL injection
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions...
Deserialization of untrusted data
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session...
CVE-2017-1000053
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session...
CVE-2017-1000053
Elixir Plug prior to v1.0.4, v1.1.7, v1.2.3, and v1.3.2 is vulnerable to arbitrary code execution via deserialization in Plug.Session. The issue stems from the deserialization functions of Plug.Session, per CVE-2017-1000053. NVD notes a base score of 6.8 (MEDIUM) under CVSS2 and 8.1 (HIGH) under ...
CVE-2017-1000052
CVE-2017-1000052 affects Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2, where the Plug.Static component is vulnerable to a null byte injection that may allow bypassing filetype restrictions. The issue enables a local attacker to exploit the static file serving path, with impact described a...
CVE-2017-1000052
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions...
zhuanti.yoka.com XSS vulnerability
Vulnerable URL: http://zhuanti.yoka.com/elixir/enrichedserum/shop.php?callback=prompt/OPENBUGBOUNTY/...
Fedora Update for python-elixir FEDORA-2014-9763
The remote host is missing an update for the...
Fedora 20 : python-elixir-0.7.1-14.fc20 (2014-9763)
CVE-2012-2146 The 'acts_as_encrypted' feature of Elixir does not correctly initialize the random seed for the Blowfish encryption algorithm, and is therefore insecure. This option adds a new optional AES mode which does not suffer this problem, plus a warning is now printed when insecure Blowfish...
Fedora 19 : python-elixir-0.7.1-14.fc19 (2014-9752)
CVE-2012-2146 The 'acts_as_encrypted' feature of Elixir does not correctly initialize the random seed for the Blowfish encryption algorithm, and is therefore insecure. This option adds a new optional AES mode which does not suffer this problem, plus a warning is now printed when insecure Blowfish...
Fedora Update for python-elixir FEDORA-2014-9752
The remote host is missing an update for the...
[SECURITY] Fedora 19 Update: python-elixir-0.7.1-14.fc19
Elixir is a declarative layer on top of SQLAlchemy. It is a fairly thin wrapper, which provides the ability to define model objects following the Active Record design pattern, and using a DSL syntax similar to that of the Ruby on Rails ActiveRecord system. Elixir does not intend to replace...
[SECURITY] Fedora 20 Update: python-elixir-0.7.1-14.fc20
Elixir is a declarative layer on top of SQLAlchemy. It is a fairly thin wrapper, which provides the ability to define model objects following the Active Record design pattern, and using a DSL syntax similar to that of the Ruby on Rails ActiveRecord system. Elixir does not intend to replace...
CVE-2012-2146
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...
CVE-2012-2146
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...
PYSEC-2012-13
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...
Design/Logic Flaw
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...
CVE-2012-2146
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...