
6846 matches found

OSV
added 2021/11/14 4:15 p.m. | 3 views

DEBIAN-CVE-2021-43617

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for...

CVSS 9.8 | AI score 8.5 | EPSS 0.50135
Exploits: 1 | References: 1
Prion
added 2021/11/14 4:15 p.m. | 19 views

Input validation

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for...

CVSS 7.5 | AI score 9.5 | EPSS 0.50135
Exploits: 1 | References: 3 | Affected Software: 1
UbuntuCve
added 2021/11/14 4:15 p.m. | 17 views

CVE-2021-43617

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for...

CVSS 9.8 | AI score 7.2 | EPSS 0.50135
Exploits: 1 | References: 5
Cvelist
added 2021/11/14 3:32 p.m. | 13 views

CVE-2021-43617

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for...

AI score 9.8 | EPSS 0.50135
Exploits: 1 | References: 3
Debian CVE
added 2021/11/14 3:32 p.m. | 21 views

CVE-2021-43617

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for...

CVSS 9.8 | AI score 9.6 | EPSS 0.50135
Exploits: 1
OpenVAS
added 2021/11/11 12:0 a.m. | 15 views

Mozilla Firefox Security Advisory (MFSA2014-40) - Deprecated

This host is missing a security update for Mozilla Firefox. This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

CVSS 5 | AI score 9.6 | EPSS 0.00846
Exploits: 0 | References: 3
OpenVAS
added 2021/11/11 12:0 a.m. | 15 views

Mozilla Firefox Security Advisory (MFSA2013-83) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 6.2 | AI score 6.4 | EPSS 0.00107
Exploits: 0 | References: 3
Kitploit
added 2021/11/10 8:30 p.m. | 26 views

FormatFuzzer - A Framework For High-Efficiency, High-Quality Generation And Parsing Of Binary Inputs

FormatFuzzer is a framework for high-efficiency, high-quality generation and parsing of binary inputs. It takes a binary template that describes the format of a binary input and generates an executable that produces and parses the given binary format. From a binary template for GIF, for instance,...

AI score 6.8
Exploits: 0 | References: 9
Packet Storm
added 2021/11/08 12:0 a.m. | 344 views

Trojan.Win32.Servstar.poa Unquoted Service Path

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/7588da376f496aa678cdfca4e404f38a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Servstar.poa Vulnerability: Insecure Service Path Description: The malware creates a...

AI score 7.1
Exploits: 0
Packet Storm
added 2021/11/08 12:0 a.m. | 396 views

Backdoor.Win32.Hupigon.bnbb Unquoted Service Path

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/0857f2c8541dba287d648eec17163d3f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.bnbb Vulnerability: Insecure Service Path Description: The malware creates a...

AI score 7.1
Exploits: 0
Debian CVE
added 2021/11/07 5:6 p.m. | 28 views

CVE-2021-43411

An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root...

CVSS 8.5 | AI score 7.4 | EPSS 0.00454
Exploits: 1
OSV
added 2021/11/05 11:15 a.m. | 2 views

CVE-2021-26844

A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe...

CVSS 5.4 | AI score 5.8 | EPSS 0.002
Exploits: 1 | References: 2
Veracode
added 2021/11/05 3:36 a.m. | 20 views

Command Injection

Firefox is vulnerable to command injection. The vulnerability exists because an executable file warning was not presented when downloading .inetloc files, which allows malicious code to run on the system...

CVSS 8.8 | AI score 3.1 | EPSS 0.00417
Exploits: 0 | References: 5 | Affected Software: 3
CNVD
added 2021/11/04 12:0 a.m. | 23 views

Mozilla Firefox command injection vulnerability

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A security vulnerability exists in Mozilla Firefox, which stems from a failure to display an executable warning when downloading an inetloc file that can run commands on a user's computer. No details of the...

CVSS 8.8 | AI score 2.7 | EPSS 0.00417
Exploits: 0 | References: 1
Tenable Nessus
added 2021/11/03 12:0 a.m. | 52 views

Mozilla Thunderbird < 91.3

The version of Thunderbird installed on the remote Windows host is prior to 91.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-50 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions...

CVSS 10 | AI score 8 | EPSS 0.05243
Exploits: 0 | References: 12
CISA KEV Catalog
added 2021/11/03 12:0 a.m. | 23 views

Microsoft Windows CryptoAPI Spoofing Vulnerability

Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was fro...

CVSS 8.1 | AI score 7.3 | EPSS 0.94093
In wild | Exploits: 14
Tenable Nessus
added 2021/11/03 12:0 a.m. | 228 views

Mozilla Thunderbird < 91.3

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-50 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass...

CVSS 10 | AI score 8.1 | EPSS 0.05243
Exploits: 0 | References: 12
Mozilla
added 2021/11/03 12:0 a.m. | 362 views

Security Vulnerabilities fixed in Thunderbird 91.3 — Mozilla

Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...

CVSS 10 | AI score 8.6 | EPSS 0.05243
Exploits: 0 | References: 11 | Affected Software: 1
Kitploit
added 2021/11/02 11:30 a.m. | 10 views

aDLL - Adventure of Dinamic Link Library

aDLL is a binary analysis tool focused on the automatic discovery of DLL Hijacking vulnerabilities. The tool analyzes the image of the binary loaded in memory to search for DLLs loaded at load-time and makes use of the Microsoft Detours library to intercept calls to the LoadLibrary/LoadLibraryEx...

AI score 6.5
Exploits: 0 | References: 2
Mozilla
added 2021/11/02 12:0 a.m. | 359 views

Security Vulnerabilities fixed in Firefox 94 — Mozilla

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have...

CVSS 10 | AI score 9.3 | EPSS 0.06043
Exploits: 1 | References: 13 | Affected Software: 1