10 matches found
CVE-2026-22230
OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0...
BIT-SUPERSET-2025-55674 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions
A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...
GHSA-FXGF-3XH6-M2PP Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions
A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...
CVE-2025-55674
A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...
Access Control Bypass
Overview: latte/latte is an intuitive and fast template engine for those who want the most secure PHP sites. Introduces context-sensitive escaping. Affected versions of this package are vulnerable to Access Control Bypass. There is a way to bypass allowFunctions that will affect the security of th...
PHP 5.2.3 imap (Debian Based) - imap_open Disable Functions Bypass Vulnerability
Exploit for linux platform in category local exploits PHP 5.2.3 imap (Debian Based) - imap_open Disable Functions Bypass Vulnerability /tmp/test0001 $server = "x -oProxyCommand=echo\tZWNobyAnMTIzNDU2Nzg5MCc+L3RtcC90ZXN0MDAwMQo=|base64\t-d|sh"; imapopen''.$server.':143/imapINBOX', '', '' or...
PHP 5.2.3 imap (Debian Based) - imap_open Disable Functions Bypass
PHP 5.2.3 imap (Debian Based) - imap_open Disable Functions Bypass /tmp/test0001 $server = "x -oProxyCommand=echo\tZWNobyAnMTIzNDU2Nzg5MCc+L3RtcC90ZXN0MDAwMQo=|base64\t-d|sh"; imapopen''.$server.':143/imapINBOX', '', '' or die"\n\nError: ".imaplasterror;...
Gentoo Security Advisory GLSA 200511-08 (PHP)
The remote host is missing updates announced in advisory GLSA 200511-08. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
PHP 5.x COM - Safe Mode Disable Functions Bypass
PHP 5.x COM - Safe Mode Disable Functions Bypass sounds good //The windows version of PHP has built in support for this extension. You do not need to //load any additional extension in order to use these functions. //You are responsible for installing support for the various COM objects that you...
PHP4 cURL functions bypass open_basedir
Subject: PHP4 cURL functions bypass open_basedir Author: frame at kernelpanik.org Product: PHP4 compile with cURL not tested in PHP5 Vendor: PHP/Zend Vendor URL: www.php.net Type: Local Risk: Low/Medium...