8 matches found
GHSA-3XJV-PMF2-GF2Q Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root
Summary The make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains /, but the recursive directory creation side effect...
sysPass 安全漏洞
sysPass is a system password manager by RubénD Personal Developer. A security vulnerability exists in sysPass version 3.2.x, which stems from vulnerability to cross-site scripting attacks. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by injecting a specially...
ThinkPHP5 Remote Code Execution Vulnerability
ThinkPHP is developed and maintained by the Shanghai Top Thinking Information Technology Co., Ltd. development and maintenance of the MVC structure of the open-source PHP framework. A remote code execution vulnerability exists in thinkphp5. The vulnerability is due to the framework fails to perfo...
CVE-2013-2121
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...
Design/Logic Flaw
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...
Foreman: app/controllers/bookmarks_controller.rb remote code execution
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...
CVE-2012-4329
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service continuous restart via a crafted controller name...
Code injection
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service continuous restart via a crafted controller name...