Lucene search
K

8 matches found

OSV
OSV
added 2026/05/06 9:34 p.m.5 views

GHSA-3XJV-PMF2-GF2Q Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root

Summary The make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains /, but the recursive directory creation side effect...

4.4CVSS5.8AI score0.00154EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/09/03 12:0 a.m.5 views

sysPass 安全漏洞

sysPass is a system password manager by RubénD Personal Developer. A security vulnerability exists in sysPass version 3.2.x, which stems from vulnerability to cross-site scripting attacks. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by injecting a specially...

6.1CVSS6.1AI score0.00315EPSS
Exploits0References4
CNVD
CNVD
added 2018/12/11 12:0 a.m.1 views

ThinkPHP5 Remote Code Execution Vulnerability

ThinkPHP is developed and maintained by the Shanghai Top Thinking Information Technology Co., Ltd. development and maintenance of the MVC structure of the open-source PHP framework. A remote code execution vulnerability exists in thinkphp5. The vulnerability is due to the framework fails to perfo...

8.4AI score
In wildExploits0References1
NVD
NVD
added 2013/07/31 1:20 p.m.36 views

CVE-2013-2121

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...

6CVSS7.3AI score0.24782EPSS
Exploits5References5
Prion
Prion
added 2013/07/31 1:20 p.m.15 views

Design/Logic Flaw

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...

6CVSS7.9AI score0.24782EPSS
Exploits5References5Affected Software2
RedHat Linux
RedHat Linux
added 2013/06/27 4:38 p.m.2 views

Foreman: app/controllers/bookmarks_controller.rb remote code execution

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...

6CVSS6.2AI score0.24782EPSS
Exploits5References4
NVD
NVD
added 2012/08/14 10:55 p.m.17 views

CVE-2012-4329

The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service continuous restart via a crafted controller name...

7.8CVSS6.7AI score0.13344EPSS
Exploits1References7
Prion
Prion
added 2012/08/14 10:55 p.m.14 views

Code injection

The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service continuous restart via a crafted controller name...

7.8CVSS7.3AI score0.13344EPSS
Exploits1References7
Rows per page
Query Builder