FreeBSD : redis,valkey -- Denial-of-service vulnerability due to malformed ACL selectors (4d79fd1a-cc93-11ef-abed-08002784c58d)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 4d79fd1a-cc93-11ef-abed-08002784c58d advisory. Redis core team reports: An authenticated user with sufficient privileges may create a malformed ACL selecto...
GHSA-RF5M-H8Q9-9W6Q Information Disclosure in TYPO3 Page Tree
Problem: Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. Solution: Upda...
Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin
A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which...
GHSA-4VR9-8CJF-VF9C Async-h1 request smuggling possible with long unread bodies
Impact This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the body of a request which is longer than some buffer length, async-h1 will attempt to read a subsequent request from the body content...
Twig: Sandbox Information Disclosure
Affected versions Twig 1.0.0 to 1.37.1 and 2.0.0 to 2.6.2 are affected by this security issue. The issue has been fixed in Twig 1.38.0 and 2.7.0. Description This vulnerability affects the sandbox mode of Twig. If you are not using the sandbox, your code is not affected. Twig allows the evaluatio...
CRS - OWASP ModSecurity Core Rule Set
The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The Core Rule Se...
CVE-2018-11386: Denial of service when using PDOSessionHandler
Affected versions Symfony 2.7.0 to 2.7.47, 2.8.0 to 2.8.40, 3.3.0 to 3.3.16, 3.4.0 to 3.4.10, and 4.0.0 to 4.0.10 versions of the Symfony http-foundation component are affected by this security issue. The issue has been fixed in Symfony 2.7.48, 2.8.41, 3.3.17, 3.4.11, and 4.0.11. 4.1.0 has also...
CVE-2018-11385: Session Fixation Issue for Guard Authentication
Affected versions Symfony 2.7.0 to 2.7.47, 2.8.0 to 2.8.40, 3.3.0 to 3.3.16, 3.4.0 to 3.4.10 and 4.0.0 to 4.0.10 versions of the Symfony Security component are affected by this security issue. The issue has been fixed in Symfony 2.7.48, 2.8.41, 3.3.17, 3.4.11, and 4.0.11. Note that no fixes are...
CVE-2017-16654: Intl bundle readers breaking out of paths
Affected versions Symfony 2.7.0 to 2.7.37, 2.8.0 to 2.8.30, 3.2.0 to 3.2.13, and 3.3.0 to 3.3.12 versions of the Symfony Intl component are affected by this security issue. The issue has been fixed in Symfony 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. Note that no fixes are provide...
Legal Robot: Privilege Escalation to Admin-level Account
A security researcher discovered a potentially serious privilege escalation issue in our system which was ultimately traced to our use of the allow-deny package provided in the open source Meteor framework. We implemented a short-term fix using triggers - not great performance on the same day thi...
Android Broadcom Wi-Fi Driver Memory Corruption
Copyright (C) 2016 by AbdSec Core Team. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is...
Google Android Broadcom Wi-Fi Driver - Memory Corruption
Copyright (C) 2016 by AbdSec Core Team. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is...
FreeBSD : yii -- Remote arbitrary PHP code execution (5a35bc56-7027-11e4-a4a3-001999f8d30b)
Yii PHP Framework developers report : We are releasing Yii 1.1.15 to fix a security issue found in 1.1.14. We urge all 1.1.14 users to upgrade their Yii to this latest release. Note that the issue only affects 1.1.14. All previous releases are not affected. Upgrading to this release from 1.1.14 i...
WWW File Share Pro v7.0 - Remote Denial of Service
Document Title: WWW File Share Pro v7.0 - Remote Denial of Service. References: http://www.vulnerability-lab.com/getcontent.php?id=1309 View: https://www.youtube.com/watch?v=1Y-B7ctbixs Release Date: 2014-08-29 Vulnerability Laboratory ID (VL-ID):...
[SECURITY] Netfilter Security Advisory: Conntrack list_del() DoS
Netfilter Core Team Security Advisory CVE: CAN-2003-0187 Subject: Netfilter / Connection Tracking Remote DoS Released: 01 Aug 2003 Effects: Any remote user may be able to DoS a machine with netfilter connection tracking when running a specific version of the Linux kernel. Estimated Severity: High...