10 matches found
GHSA-GMJG-HV98-QGGQ PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute
Summary praisonaiagents resolves unresolved tool names against module globals and `__main__` after it fails to match the declared tool list and the registry. With the default agent configuration, permallow is None, so undeclared non-dangerous tool names are not rejected by the permission gate. An...
EUVD-2006-3792
Malware in sbrugna...
Arbitrary Code Execution
phpmailer/phpmailer is vulnerable to arbitrary code execution. When the $patternselect parameter in validateAddress is set to the default php defined by PHPMailer::$validator, and the global namespace contains a function called php, untrusted code can be called when such code is injected into the...
PT-2021-3390 · Phpmailer +3
Name of the Vulnerable Software and Affected Versions: PHPMailer versions 6.4.1 and earlier Description: The issue is related to the validateAddress function in PHPMailer, which can lead to the execution of untrusted code if such code is injected into the host project's scope by other means. This...
FreeBSD : FreeBSD -- POSIX shm allows jails to access global namespace (5b1463dd-dab3-11e7-b5af-a4badb2f4699)
Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. Impact : A malicious user that has access to a jailed system is able to abuse shared memory by injecting...
FreeBSD -- POSIX shm allows jails to access global namespace
Problem Description: Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. Impact: A malicious user that has access to a jailed system is able to abuse shared...
Google Upspin Secure File-Sharing Released to Open Source
Google has released to open source new file-sharing interfaces and protocols it calls Upspin that allow users to securely share files using a global namespace rather than uploading and downloading content or sharing it first with a web-based service. Upspin is largely a consumer tool, Google said...
phpMyAdmin 3.x Conditional Session Manipulation
phpMyAdmin 3.x Conditional Session Manipulation Advisory from ...
phpMyAdmin 3.x Conditional Session Manipulation
No description provided by source. Application: phpMyAdmin 3.x Patched ver: 3.3.10.3 and 3.4.3.2 Severity: Low Exploitable: Remote PMASA ID: PMASA-2011-12 Description If the Swekey extension is activated a remote attacker can manipulate the variables in the global namespace. Fix Upgrade to...
CVE-2006-3798
DeluxeBB 1.07 and earlier exposes a vulnerability where a remote attacker can set the COOKIE data to overwrite the internal variables _GET, _POST, _ENV, and _SERVER during an extract function call, resulting in pollution of the global namespace and potentially multiple security vulnerabilities. A...