83 matches found
CVE-2023-23924
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This may lead to arbitrary object unserialize on PHP 8, through the phar URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with...
Remote code execution
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This may lead to arbitrary object unserialize on PHP 8, through the phar URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with...
CVE-2023-23924
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This may lead to arbitrary object unserialize on PHP 8, through the phar URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with...
CVE-2023-23924 URI validation failure on SVG parsing in Dompdf
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This may lead to arbitrary object unserialize on PHP 8, through the phar URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with...
PT-2023-1267 · Dompdf +1 · Dompdf +1
Name of the Vulnerable Software and Affected Versions: Dompdf version 2.0.1 Dompdf versions prior to 8.0.0 Description: The issue is related to the incorrect order of authorization checks before syntax analysis and canonization when processing tags with uppercase letters in SVG parsing. This can...
Debian: Security Advisory (DLA-3090-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3090-1] php-horde-turba security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3090-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb August 31, 2022 https://wiki.debian.org/LTS -...
rubygem-json: Unsafe object creation vulnerability in JSON
A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...
CodeIgniter code issues vulnerabilities
CodeIgniter is an open source Web framework written in PHP. codeIgniter is vulnerable to a code issue that stems from the deserialization of untrusted data found in the old function of the software. A remote attacker could use the vulnerability to inject an arbitrary object with the vulnerability...
Prototype Pollution
merge-deep is vulnerable to prototype pollution. The vulnerability exists as it is possible to overwrite Object.prototype with arbitrary object properties in the merge function...
CVE-2020-10289
Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib...
rubygem-json: Unsafe object creation vulnerability in JSON
A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...
Ruby JSON gem input validation error vulnerability
Ruby JSON gem is a Ruby-based package for parsing JSON from text and generating JSON text from Ruby objects. An input validation error vulnerability in Ruby JSON gem version 2.2.0 and earlier can be exploited to force the creation of arbitrary objects on a target system...
Multiple Phar Deserialization Vulnerabilities in SuiteCRM
SuiteCRM is a free and open source customer relationship management application. SuiteCRM suffers from multiple Phar deserialization vulnerabilities. An attacker can exploit the vulnerabilities to inject arbitrary PHP objects into the scope of the application, allowing the execution of various...
CVE-2019-9791
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...
CVE-2019-9791
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...
CVE-2019-9791
CVE-2019-9791 affects Thunderbird and Firefox (including Firefox ESR) and stems from the IonMonkey JIT: type confusion for constructors entered via on-stack replacement. The advisory notes that the vulnerability can enable arbitrary reading/writing of objects during an exploitable crash, with fix...
Windows Exploitation Tricks: Exploiting Arbitrary Object Directory Creation for Local Elevation of Privilege
Posted by James Forshaw, Project Zero And we’re back again for another blog in my series on Windows Exploitation tricks. This time I’ll detail how I was able to exploit Issue 1550 which results in an arbitrary object directory being created by using a useful behavior of the CSRSS privileged...
NetApp StorageGRID Webscale Arbitrary Object Deletion Vulnerability
NetApp StorageGRID Webscale is a suite of scalable object storage software from American NetApp. A security vulnerability exists in NetApp StorageGRID Webscale, which allows remote attackers to exploit the vulnerability to commit special deletion of arbitrary objects...
PostgreSQL PL/Java Arbitrary Object Access Vulnerability
PostgreSQL PL/Java is the PostgreSQL development team developed a database can be used in Java code to write stored procedures , triggers and functions of the open source project . A security vulnerability exists in PostgreSQL PL/Java 9.0 and earlier versions. An attacker can exploit the...