36 matches found
PT-2024-19487 · Swftools · Swftools
Name of the Vulnerable Software and Affected Versions: swftools version 0.9.2 Description: The issue is related to a Stack Buffer Underflow in the dict_foreach_keyvalue function located at swftools/lib/q.c. This can potentially lead to a denial of service. Recommendations: For swftools version...
PT-2023-19924 · Workerd · Workerd
Name of the Vulnerable Software and Affected Versions: workerd versions prior to v1.20230419.0 Description: The FormData API implementation in workerd was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach method could end up reading from the wro...
Malicious code in lodashfroeach (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 281c7ec11329fae7f591474152da76436f0d91f9246ee789feb6c8f7e4fcdbec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ccsv Double Free vulnerability
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file...
Fedora 29 : php-Smarty (2019-e595e8a7d7)
===== 3.1.33 release ===== 12.09.2018 ===== 3.1.33-dev-12 ===== 03.09.2018 - bugfix foreach using new style property access like $item@property on Smarty 2 style named foreach loop could produce errors https://github.com/smarty-php/smarty/issues/484 Note that Tenable Network Security has extracte...
Ccsv Denial of Service Vulnerability
Ccsv is a CSV parser for Ruby. A security vulnerability exists in the 'foreach' function of the ext/ccsv.c file in Ccsv version 1.1.0. A remote attacker can exploit this vulnerability with a specially crafted file to cause a denial of service (double free and application crash)...
Double free
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file...
PT-2017-14024 · Ccsv · Ccsv
Name of the Vulnerable Software and Affected Versions: Ccsv version 1.1.0 Description: The issue allows remote attackers to cause a denial of service, resulting in a double free and application crash, or possibly have other unspecified impacts via a crafted file. This is related to the foreach...
Joomla Zap Weather FPD & Zap Calendar Cross-Site Scripting Vulnerability
No description provided by source. Title - Joomla Zap Weather FPD & Zap Calendar XSS Date: 01.21.2014 Vendor: zcontent.net extensions.joomla.org/extensions/owner/cogliano Versions - Z Weather v9 & Zap Calendar v4.0 Latests ATM Contant: smashatdevilteam.pl Zap Weather PoC -...
DEDECMS website management system template execution vulnerability-vulnerability warning-the black bar safety net
DEDECMS website management system template execution vulnerability. If you are not careful, your server will be hacked, for example when the database password is too simple, the server password is too simple, or the CMS has vulnerabilities. The following is a DEDE template execution vulnerability. Vulnerability...
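Discuz! 4.x wap\index.php Variable Overwrite Vulnerability
Discuz! 4.x has had a variable overwrite vulnerability for n years. The code is as follows: $chs = ''; if ($_POST && $charset != 'utf-8') { $chs = new Chinese('UTF-8', $charset); foreach ($_POST as $key => $value) { $$key = $chs->Convert($value); } // the foreach over $_POST causes the variable overwrite unset($chs);...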
CVE-2006-1726
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox's ForEach method...
Design/Logic Flaw
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox's ForEach method...
Security check of js_ValueToFunctionObject() can be circumvented — Mozilla
The security check in js_ValueToFunctionObject() can be bypassed by clever use of setTimeout and the new Firefox 1.5 array method ForEach. shutdown demonstrated how to leverage this into a privilege escalation vulnerability that would allow the installation of malware...