Ubuntu 16.04 LTS : Smarty vulnerability (USN-8272-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8272-1 advisory. Takuya Aramaki discovered that Smarty did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack...

USN-8272-1: Smarty vulnerability

Takuya Aramaki discovered that Smarty did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack...

Security Bulletin: Vulnerabilities in smarty and axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in smarty and axios. Vulnerabilities include allowing an attacker to inject malicious scripts into a Web page and steal cookie-based authentication credentials, execute arbitrary code on the system, and...

EUVD-2012-4221

Malware in sbrugna...

EUVD-2010-4691

Malware in sbrugna...

EUVD-2009-5010

Malware in sbrugna...

EUVD-2008-4790

Malware in sbrugna...

EUVD-2010-4692

Malware in sbrugna...

EUVD-2005-0914

Malware in sbrugna...

EUVD-2010-4688

Malware in sbrugna...

EUVD-2022-2716

Malicious code in bioql PyPI...

EUVD-2022-3376

Malicious code in bioql PyPI...

EUVD-2022-2026

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-28447

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execut...

CVE-2021-26120

Smarty before 3.1.39 allows code injection via an unexpected function name after a function name= substring...

CVE-2018-25047

In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smartyfunctionmailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user...

CVE-2009-5053

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file...

Ubuntu 24.04 LTS / 24.10 : Smarty vulnerability (USN-7377-1)

The remote Ubuntu 24.04 LTS / 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7377-1 advisory. It was discovered that Smarty did not properly sanitize template file names. An attacker could possibly use this issue to cause Smarty to crash, resulting...

USN-7377-1: Smarty vulnerability

It was discovered that Smarty did not properly sanitize template file names. An attacker could possibly use this issue to cause Smarty to crash, resulting in a denial of service, or possibly execute arbitrary code...

ROS-20250212-09

A vulnerability in the PHP Smarty templating engine is related to incorrect input validation when processing the attribute "extends-tag" attribute. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary PHP code on the target system. arbitrary PHP code on t...