CVE-2019-11831

CVE-2019-11831 affects Drupal’s TYPO3 phar-stream-wrapper integration. The vulnerability arises from incomplete validation in the phar:// stream wrapper library, enabling directory traversal that bypasses a deserialization protection mechanism. Affected: phar-stream-wrapper versions 2.x before 2....

Drupal Third-party Libraries Vulnerability (SA-CORE-2019-007) - Windows

Drupal is prone to a vulnerability in the 3rd party library Phar Stream Wrapper. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Drupal Third-party Libraries Vulnerability (SA-CORE-2019-007) - Linux

Drupal is prone to a vulnerability in the 3rd party library Phar Stream Wrapper. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

By-passing protection of Phar Stream Wrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details...

Drupal 7.0.x < 7.67 / 8.6.x < 8.6.16 / 8.7.x < 8.7.1 Drupal Vulnerability (SA-CORE-2019-007)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.67, 8.7.x prior to 8.6.16, or 8.7.x prior to 8.7.1. It is, therefore, affected by a path traversal vulnerability. This security release fixes third-party dependencies included in or...

By-passing protection of Phar Stream Wrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details...

drupal -- Drupal core - Moderately critical

Drupal Security Team reports: CVE-2019-11831: By-passing protection of Phar Stream Wrapper Interceptor. In order to intercept file invocations like fileexists or stat on compromised Phar archives the base name has to be determined and checked before allowing to be handled by PHP Phar stream...

Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper

Exploit Title: Linux/x86 - Reverse Shell Shellcode 91 Bytes + Python Wrapper Exploit Author: Dave Sully Vendor Homepage: Software Link: NA Version: NA Tested on: Ubuntu 16.04 CVE : NA This is the raw assembly ; Filename: reverseshell.nasm ; Author: Dave Sully ; Website: http://suls.co.uk ; Purpos...

Arbitrary Code Execution

Mozilla Firefox is vulnerable to remote code execution RCE.Due to flaws found in the way Chrome Object Wrappers, malicious content could be used to perform cross-site scripting attacks or cause Firefox to execute arbitrary code...

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

Denial Of Service (DoS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...

Fedora 29 : php (2019-da36d5d484)

PHP version 7.2.17 04 Apr 2019 Core: - Fixed bug php77738 Nullptr deref in zendcompileexpr. Laruence - Fixed bug php77660 Segmentation fault on break 2147483648. Laruence - Fixed bug php77652 Anonymous classes can lose their interface information. Nikita - Fixed bug php77676 Unable to run tests...

LimeSurvey &lt; 3.16 - Remote Code Execution

!/usr/bin/python Description: LimeSurvey shell.php" -p phar -o /tmp/exploit.jpg PHAR = "\x3c\x3f\x70\x68\x70\x20\x5f\x5f\x48\x41\x4c\x54\x5f\x43\x4f\x4d\x50\x49\x4c\x45\x52\x28\x29\x3b\x20\x3f\x3e\x0d\x0a\x38"...

Drupal Core stream wrapper Insecure Deserialization (CVE-2019-6339)

An insecure deserialization vulnerability exists in Drupal Core. The vulnerability is in a stream wrapper when performing file operations. Successful exploitation of this vulnerability could result in arbitrary code execution under the security context of the web server...

[20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor

In Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order to intercept file invocations like fileexists or stat on compromised Phar archives the base name has to be determined and...

Fedora 28 : php-twig2 (2019-e86155be6e)

Version 2.7.2 2019-03-12 - added TemplateWrapper::getTemplateName ---- Version 2.7.1 2019-03-12 - fixed class aliases ---- Version 2.7.0 2019-03-12 - fixed sandbox security issue under some circumstances, calling the toString method on an object was possible even if not allowed by the security...

Deserialization of Untrusted Data

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. It is possible insert the php wrapper “phar” with an arbitrary path in filename parameter that allows arbitrary code...

[SECURITY] Fedora 28 Update: php-typo3-phar-stream-wrapper2-2.0.1-1.fc28

Interceptors for PHP's native phar:// stream handling v2. Autoloader: /usr/share/php/TYPO3/PharStreamWrapper2/autoload.php...

GHSA-PR34-8JFR-XHV8 selenium-wrapper downloads Resources over HTTP

Affected versions of selenium-wrapper insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

selenium-wrapper downloads Resources over HTTP

Affected versions of selenium-wrapper insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...