13 matches found
admin security vulnerability
admin is a chatroom software developed by z-9527 as an individual developer. Both the 1.0 and 2.0 versions of admin have security vulnerabilities. These vulnerabilities stem from incorrect operations with the parameter “isAdmin” in the file /server/routes/user.js, which may lead to the dynamic...
CVE-2020-1900
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32....
Drupal core security vulnerability
Drupal core is a free, open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal core that stems from improper modification of dynamic object properties, which could lead to object injection...
The vulnerability of the Drupal CMS system’s kernel lies in the insufficient control over the modification of dynamically defined object properties, allowing attackers to execute arbitrary code.
The vulnerability of the Drupal CMS system’s kernel is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
The vulnerability of the application programming interface of the graphical programming environment for creating threaded applications, Node-Red, allows a hacker to modify the default JavaScript object prototype.
The vulnerability of the application programming interface of the graphical programming environment for creating threaded applications like Node-Red is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability could allow a...
The vulnerability of the nsm-web interface of the software platform for managing security in industrial networks from MXSecurity allows a perpetrator to register or add any device.
The vulnerability of the nsm-web interface of the MXSecurity software platform for managing security in industrial networks is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability could allow a malicious actor to register or...
The vulnerability of the JSON Schema application for checking and testing JSON files lies in the lack of adequate control over the modification of dynamically defined object properties, allowing a perpetrator to execute arbitrary code.
The vulnerability of the JSON Schema-based application for checking and testing JSON files is related to insufficient control over the modification of dynamically defined object properties during JSON file processing. Exploiting this vulnerability could allow a malicious actor, operating remotely...
The vulnerability of the console.table() function implementation in the Node.js software platform allows attackers to trigger a service failure or bypass security restrictions.
The vulnerability of the console.table function implementation in the Node.js platform is related to insufficient control over dynamically defined object properties. Exploiting this vulnerability could allow a malicious actor to trigger service failures or circumvent security restrictions by...
UBUNTU-CVE-2020-1900
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32....
Design/Logic Flaw
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32....
CVE-2020-1900
HHVM (HipHop VM) has a vulnerability CVE-2020-1900 affecting unserialization of objects with dynamic properties. The issue occurs when HHVM does not pre-reserve the full size of the dynamic property array before inserting into it, causing potential array resizing that can invalidate previously st...
The vulnerability of the Apache Struts software platform lies in the lack of proper control over the modification of dynamically defined object properties, allowing attackers to execute arbitrary code.
The vulnerability of the Apache Struts software framework is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...