805 matches found
Debian DLA-2618-3 : smarty3 regression update
The security update of smarty3, the compiling PHP template engine, issued as DLA 2618-1 introduced a regression in the smartysecurity class when secure directories are evaluated. Updated smarty3 packages are now available to correct this issue. For Debian 9 stretch, this problem has been fixed in...
[SECURITY] [DLA 2618-1] smarty3 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2618-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA April 05, 2021 https://wiki.debian.org/LTS -...
PT-2021-6745 · Smarty +2 · Smarty +2
Name of the Vulnerable Software and Affected Versions: Smarty versions prior to 3.1.42 and 4.0.2 Description: The issue is related to the incorrect handling of code generation in the Smarty template engine for PHP. This allows template authors to run arbitrary PHP code by crafting a malicious mat...
Debian DLA-2597-1 : velocity-tools security update
It was discovered that there was a cross-site scripting XSS vulnerability in velocity-tools, a collection of useful tools for the 'Velocity' template engine. The default error page could be exploited to steal session cookies, perform requests in the name of the victim, used for phishing attacks a...
Debian DLA-2595-1 : velocity security update
It was discovered that there was a potential arbitrary code execution vulnerability in velocity, a Java-based template engine for writing web applications. It could be exploited by applications which allowed untrusted users to upload/modify templates. For Debian 9 'Stretch', this problem has been...
Debian DSA-4872-1 : shibboleth-sp - security update
Toni Huttunen discovered that the Shibboleth service provider's template engine used to render error pages could be abused for phishing attacks. For additional information please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv20210317.txt C Tenable Network...
Debian DLA-2599-1 : shibboleth-sp2 security update
Toni Huttunen discovered that the Shibboleth service provider's template engine used to render error pages could be abused for phishing attacks. For additional information please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv20210317.txt For Debian 9 stretch,...
[SECURITY] [DSA 4872-1] shibboleth-sp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4872-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 18, 2021 https://www.debian.org/security/faq -...
Debian: Security Advisory (DLA-2595-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2595-1] velocity security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2595-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb March 17, 2021 https://wiki.debian.org/LTS -...
Logic flaw vulnerability in oasys
oasys is an OA office automation system , the use of Maven for project management , springboot framework based on the development of the project , mysql underlying database , the front-end freemarker template engine , Bootstrap as the front-end UI framework , integrated jpa, mybatis and other...
CVE-2021-21353
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was...
Remote code execution
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was...
CVE-2021-21353
CVE-2021-21353 affects the Pug template engine before v3.0.1. If an attacker controls the pretty option via untrusted input (e.g., query params passed into template inputs), remote code execution on the Node.js backend was possible. The issue is fixed in v3.0.1; pug-code-gen has a backport fix in...
Smart Template Engine Injection Vulnerability
The Smart1 template engine is one of the most famous PHP engines in the industry today. It provides an easy-to-manage way to separate business logic from presentation logic. A vulnerability has been reported in the Smart template engine, which allows an attacker to write to a cache file via the...
Smart Template Engine Injection Vulnerability (CNVD-2021-13245)
The Smart template engine is one of the most famous PHP engines in the industry today. It provides an easy-to-manage way to separate business logic from presentation logic. A vulnerability has been reported in the Smart Template Engine, which allows an attacker to write to a cache file via the...
Simon Wisselink Smarty 代码注入漏洞
The Smart template engine is one of the most famous PHP engines in the industry today. It provides an easy-to-manage way to separate business logic from presentation logic. A vulnerability has been reported in the Smart Template Engine, which allows an attacker to write to a cache file via the...
Simon Wisselink Smarty 安全漏洞
The Smart1 template engine is one of the most famous PHP engines in the industry today. It provides an easy-to-manage way to separate business logic from presentation logic. A vulnerability has been reported in the Smart template engine, which allows an attacker to write to a cache file via the...
PT-2021-6791 · Smarty +2 · Smarty +2
Name of the Vulnerable Software and Affected Versions: Smarty versions prior to 3.1.39 Description: The issue is related to incorrect code generation handling when processing invalid function names in the Smarty template engine for PHP. This can allow a remote attacker to execute arbitrary code...
Jinja2 Resource Management Error Vulnerability
Jinja2 is a Python based template engine. It has full Unicode support and provides an optional sandboxed template execution environment. A resource management error vulnerability exists in jinja2 from 0.0.0 and before 2.11.3, which stems from a ReDOS vulnerability in regex...