27 matches found
CVE-2026-56304
CVE-2026-56304 affects picklescan versions before 1.0.1. The flaw is an unsafe pickle deserialization through the logging.FileHandler class, allowing unauthenticated attackers to craft malicious pickle payloads to create arbitrary zero-byte files. This can bypass RCE blocklists and lead to filesy...
CVE-2026-42473
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the FileHandler process. An attacker can execute arbitrary code by supplying crafted serialized data to the session or cache handlers, which are processed using unserialize from the filesystem...
CVE-2026-42473
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
EUVD-2026-26674
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
Mix PHP 代码问题漏洞
Mix PHP is Mix PHP open source a PHP command line mode development framework that supports seamless multi-server ecosystem switching. A code issue vulnerability exists in Mix PHP versions 2.x through 2.2.17 that stems from a session and cache handler call to unserialize on file system data in the...
PT-2026-36490
Name of the Vulnerable Software and Affected Versions MixPHP Framework versions 2.x through 2.2.17 Description An unsafe deserialization issue exists where the session and cache handlers utilize the unserialize function on data retrieved from the filesystem within the FileHandler object...
Deserialization of Untrusted Data
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via logging.FileHandler. An attacker can write empty files on the target filesystem by supplying a malicious...
The vulnerability of the FileHandler component of the cross-platform 3D model import library Assimp (Open Asset Import Library) allows a attacker to trigger a service failure.
The vulnerability of the FileHandler component in the cross-platform import library for 3D models, Assimp Open Asset Import Library, is related to buffer overflow in the stack. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the FileHandler component of the cross-platform 3D model import library Assimp (Open Asset Import Library) allows a hacker to trigger a service failure.
The vulnerability of the FileHandler component of the cross-platform 3D model import library Assimp Open Asset Import Library is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the FileHandler component of the cross-platform 3D model import library Assimp (Open Asset Import Library) allows a hacker to trigger a service failure.
The vulnerability of the FileHandler component in the cross-platform Assimp 3D model import library Open Asset Import Library is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
Progress Software WS_FTP Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WSFTP. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileHandler module. The issue results from the lack of proper validation...
The vulnerability of the FileHandler component in the Open Asset Import Library (Assimp) library allows a hacker to execute arbitrary code.
The vulnerability of the FileHandler component in the Open Asset Import Library Assimp library is related to buffer overflow attacks. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
The vulnerability of the FileHandler component in the Google Chrome browser for the ChromeOS operating system allows a hacker to compromise the confidentiality and integrity of information.
The vulnerability of the FileHandler component in Google Chrome’s browser for the ChromeOS operating system is related to an improper definition of links before accessing the file. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of...
Microsoft Exchange FileHandler Exposed Dangerous Function Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileHandler class. The issue results from the exposure of a dangerous functio...
Apache Struts Multiple XSS Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in component handlers in the javatemplates aka Java Templates plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of...
Spoofing
DISPUTED In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under...
CVE-2022-26520
In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in component handlers in the javatemplates aka Java Templates plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of...
Apache Tomcat's default security policy is too open
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...