Lucene search

40 matches found

RedHat Linux
added 2024/06/06 9:32 a.m. · 5 views

ruby: RCE vulnerability with .rdoc_options in RDoc

A flaw was found in Rubygem RDoc. When parsing .rdoc_options, used for configuration in RDoc, as a YAML file, there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution...

CVSS 4.5 · AI score 7.6 · EPSS 0.02532
Exploits 0 · References 5

Positive Technologies
added 2024/03/19 12:00 a.m. · 5 views

PT-2024-2479 · Ruby +7 · Rdoc +7

Name of the Vulnerable Software and Affected Versions: RDoc versions 6.3.3 through 6.6.2
Description: The issue is related to the restoration of untrusted data in memory by the RDoc documentation generator for the Ruby programming language. This can be exploited to execute arbitrary code using...

CVSS 9.8 · AI score 7.8 · EPSS 0.08616
Exploits 2 · References 150

BDU FSTEC
added 2023/11/03 12:00 a.m. · 1 views

The vulnerability in the `bitrix/modules/main/classes/general/user_options.php` file of the `main` module of the Bitrix24 business management service allows a hacker to execute arbitrary code and gain increased privileges.

The vulnerability of the bitrix/modules/main/classes/general/user_options.php file in the Bitrix24 business management module is related to improper external manipulation of the file’s name or path. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely and...

CVSS 9 · AI score 8 · EPSS 0.03024
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2023/11/01 12:00 a.m. · 3 views

PT-2023-6687

Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300
Description: An unsafe variable extraction issue exists in the bitrix/modules/main/classes/general/user_options.php file. This allows remote authenticated attackers to execute arbitrary code through two methods:...

CVSS 9 · AI score 8.7 · EPSS 0.03024
Exploits 1 · References 15

Vulnrichment
added 2023/06/01 4:29 p.m. · 11 views

CVE-2023-34092 Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)

Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, the Vite Server Options setting server.fs.deny can be bypassed using a double forward-slash (//), which allows any unauthenticated user to read files from the Vite root-path of the application including the default fs.deny...

CVSS 7.5 · AI score 6.5 · EPSS 0.56729
Exploits 1 · References 3

CNNVD
added 2023/04/10 12:00 a.m. · 2 views

WordPress plugin Fancy Gallery cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.1 · AI score 4.7 · EPSS 0.00215
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:17 a.m. · 3 views

SUSE CVE-2005-3393

Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option...

CVSS 7.5 · AI score 8.1 · EPSS 0.0162
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 5:29 a.m. · 1 views

SUSE CVE-2014-3158

Integer overflow in the getword function in options.c in pppd in Paul's PPP Package ppp before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "corrupts security-relevant variables."...

CVSS 7.5 · AI score 7.3 · EPSS 0.01484
Exploits 0 · References 4

CNNVD
added 2022/12/26 12:00 a.m. · 1 views

WordPress Plugin Contest Gallery SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.5 · AI score 6.7 · EPSS 0.00871
Exploits 2 · References 3

CNNVD
added 2022/12/21 12:00 a.m. · 2 views

WP-Ban cross-site scripting vulnerability

WP-Ban is a blog by Lester Chan, a personal developer that bans users from WordPress via IP, IP range, hostname, user agent and referring url. WP-Ban suffers from a security vulnerability that stems from an unknown function in its ban-options.php file that allows an attacker to implement cross-si...

CVSS 6.1 · AI score 5.6 · EPSS 0.00213
Exploits 0 · References 3

CNNVD
added 2022/12/18 12:00 a.m. · 2 views

WP-Ban security vulnerability

WP-Ban is a blog by Lester Chan, an individual developer, that bans users from accessing WordPress via IP, IP range, hostname, user agent, and referring url. A security vulnerability exists in WP-Ban, which stems from the manipulation of a parameter in the togglecheckbox function of its...

CVSS 6.1 · AI score 5.5 · EPSS 0.0027
Exploits 0 · References 5

CNNVD
added 2021/08/23 12:00 a.m. · 1 views

WordPress plugin Giveaway SQL injection vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in WordPress...

CVSS 7.2 · AI score 7.7 · EPSS 0.00534
Exploits 2 · References 1

OSV
added 2020/02/24 7:15 p.m. · 3 views

CVE-2019-17229

includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues...

CVSS 6.1 · AI score 6.4 · EPSS 0.00332
Exploits 1 · References 3

Tenable Nessus
added 2019/12/18 12:00 a.m. · 17 views

EulerOS 2.0 SP3 : ppp (EulerOS-SA-2019-2652)

According to the version of the ppp package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Integer overflow in the getword function in options.c in pppd in Paul's PPP Package ppp before 2.4.7 allows attackers to 'access privileged options' vi...

CVSS 7.5 · AI score 8.4 · EPSS 0.01484
Exploits 0 · References 2

OSV
added 2019/09/08 11:15 p.m. · 2 views

CVE-2019-16118

Cross-site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php...

CVSS 6.1 · AI score 6.2 · EPSS 0.02552
Exploits 4 · References 5

CNVD
added 2017/01/16 12:00 a.m. · 1 views

MetalGenix GeniXCMS SQL Injection Vulnerability (CNVD-2017-00559)

MetalGenix GeniXCMS is a PHP-based content management system and framework (CMSF) from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A SQL injection vulnerability exists in the inc/mod/newsletter/options.php file in MetalGenix GeniXCMS...

CVSS 7.2 · AI score 7.8 · EPSS 0.00403
Exploits 1 · References 1

OSV
added 2014/11/15 9:59 p.m. · 1 views

DEBIAN-CVE-2014-3158

Integer overflow in the getword function in options.c in pppd in Paul's PPP Package ppp before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "corrupts security-relevant variables."...

CVSS 7.5 · AI score 8.9 · EPSS 0.01484
Exploits 0 · References 1

Debian CVE
added 2014/11/15 9:00 p.m. · 15 views

CVE-2014-3158

Integer overflow in the getword function in options.c in pppd in Paul's PPP Package ppp before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "corrupts security-relevant variables."...

CVSS 7.5 · AI score 9.1 · EPSS 0.01484
Exploits 0

OSV
added 2014/11/15 12:00 a.m. · 1 views

UBUNTU-CVE-2014-3158

Integer overflow in the getword function in options.c in pppd in Paul's PPP Package ppp before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "corrupts security-relevant variables."...

CVSS 7.5 · AI score 7.5 · EPSS 0.01484
Exploits 0 · References 5

Tenable Nessus
added 2004/08/20 12:00 a.m. · 13 views

qpopper Options File Buffer Overflow

Binary data 1789.prm...

CVSS 10 · AI score 7.3 · EPSS 0.0725
Exploits 0 · References 3