89 matches found
Updated php-geshi package fix security vulnerabilities
A directory traversal and information disclosure local file inclusion flaws were found in the cssgen contrib module application to generate custom CSS files of GeSHi, a generic syntax highlighter, performed sanitization of 'geshi-path' and 'geshi-lang-path' HTTP GET / POST variables. A remote...
WordPress Crayon Syntax Highlighter - Remote File Inclusion
WordPress Crayon Syntax Highlighter plugin's "wpload" parameter is prone to a remote file include vulnerability. It allows an attacker o compromise the application and the underlying system. Other attacks are also possible. Solution Update the plugin...
Crayon Syntax Highlighter <= 1.12 - Remote File Inclusion
The Crayon Syntax Highlighter WordPress plugin was affected by a Remote File Inclusion security vulnerability...
WordPress Plugin Crayon Syntax Highlighter - wp_load Remote File Inclusion
WordPress Plugin Crayon Syntax Highlighter - wpload Remote File Inclusion source: https://www.securityfocus.com/bid/55919/info The Crayon Syntax Highlighter plug-in for WordPress is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input...
WordPress Plugin Crayon Syntax Highlighter - 'wp_load' Remote File Inclusion
source: https://www.securityfocus.com/bid/55919/info The Crayon Syntax Highlighter plug-in for WordPress is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obtain sensitive...
Syntax Highlighter 3.0.83 - index.html HTML Injection
Syntax Highlighter 3.0.83 - index.html HTML Injection source: https://www.securityfocus.com/bid/42572/info Syntax Highlighter is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits...
Syntax Highlighter 3.0.83 - 'index.html' HTML Injection
source: https://www.securityfocus.com/bid/42572/info Syntax Highlighter is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to...
CVE-2008-5186
The setlanguagepath function in geshi.php in Generic Syntax Highlighter GeSHi before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path $path variable. NOTE: this issue has been disputed by a vendor, stating that only...
PT-2008-6329 · Nigel Mcnie · Geshi
Name of the Vulnerable Software and Affected Versions: Generic Syntax Highlighter GeSHi versions prior to 1.0.8.1 Description: The set language path function in geshi.php might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path $pa...