21 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-4592

Malware in sbrugna...

CVSS 4.6 | AI score 8.5 | EPSS 0.0049
Exploits: 0 | References: 25

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-4617

Malware in sbrugna...

CVSS 4.6 | AI score 8.5 | EPSS 0.00491
Exploits: 0 | References: 22

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-18564

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.5 | EPSS 0.00355
Exploits: 0 | References: 3

Cvelist
added 2023/10/20 6:35 a.m. | 16 views

CVE-2023-5414 Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read

The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...

CVSS 9.1 | AI score 9.1 | EPSS 0.02285
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:27 a.m. | 1 views

SUSE CVE-2014-4670

Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments...

CVSS 4.6 | AI score 7.7 | EPSS 0.0049
Exploits: 0 | References: 7

OSV
added 2018/06/20 10:18 p.m. | 27 views

GHSA-PR3H-JJHJ-573X Sprockets path traversal leads to information leak

Specially crafted requests can be used to access files that exist on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. Workaround:...

CVSS 7.5 | AI score 7.4 | EPSS 0.93887
Exploits: 2 | References: 11

Hacker One
added 2018/01/22 10:42 a.m. | 59 views

Ruby on Rails: Path Traversal on Default Installed Rails Application (Asset Pipeline)

There is an information leak vulnerability in Sprockets. This vulnerability has been assigned the CVE identifier CVE-2018-3760. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Not affected: NONE Fixed Versions: 4.0.0.beta8, 3.7.2, 2.12.5 Impact ------ Specially crafte...

CVSS 5 | AI score 2 | EPSS 0.93887
Exploits: 2

Tenable Nessus
added 2017/10/16 12:0 a.m. | 26 views

GLSA-201710-16 : Shadow: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-201710-16 Shadow: Buffer overflow Malformed input in the newusers tool may produce crashes and other unspecified behaviors. Impact : A remote attacker could possibly cause a Denial of Service condition or bypass privilege boundari...

CVSS 9.8 | AI score 6.5 | EPSS 0.00583
Exploits: 0 | References: 2

Debian CVE
added 2017/08/04 9:0 a.m. | 22 views

CVE-2017-12424

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes with a buffer overflow or other memory corruption or other unspecified behaviors. This crosses a privilege boundary in, for example,...

CVSS 9.8 | AI score 6.1 | EPSS 0.00583
Exploits: 0

AlpineLinux
added 2017/08/04 9:0 a.m. | 35 views

CVE-2017-12424

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes with a buffer overflow or other memory corruption or other unspecified behaviors. This crosses a privilege boundary in, for example,...

CVSS 9.8 | AI score 9.8 | EPSS 0.00583
Exploits: 0

Kitploit
added 2015/04/19 2:57 p.m. | 162 views

Watcher v1.5.8 - Web Security Testing Tool and Passive Vulnerability Scanner

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2014/08/01 12:0 a.m. | 54 views

openSUSE Security Update : php5 (openSUSE-2014-471)

php5 was updated to fix security issues : CVE-2014-4670: Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in...

CVSS 4.6 | AI score 8.2 | EPSS 0.09887
Exploits: 1 | References: 6

NVD
added 2014/07/10 11:6 a.m. | 13 views

CVE-2014-4698

Use-after-free vulnerability in ext/spl/splarray.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments...

CVSS 4.6 | AI score 7.7 | EPSS 0.00491
Exploits: 0 | References: 13

Prion
added 2014/07/10 11:6 a.m. | 23 views

Design/Logic Flaw

Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments...

CVSS 4.6 | AI score 7.7 | EPSS 0.0049
Exploits: 0 | References: 15 | Affected Software: 1

Prion
added 2014/07/10 11:6 a.m. | 19 views

Design/Logic Flaw

Use-after-free vulnerability in ext/spl/splarray.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments...

CVSS 4.6 | AI score 7.7 | EPSS 0.00491
Exploits: 0 | References: 13 | Affected Software: 1

CVE
added 2014/07/10 10:0 a.m. | 200 views

CVE-2014-4670

CVE-2014-4670 is a use-after-free in PHP’s SPL extension (ext/spl/spl_dllist.c) that allows context-dependent, local attackers to trigger denial of service or potentially other impact through crafted Iterator usage in PHP versions up to 5.5.14. The vulnerability arises from use-after-free in the ...

CVSS 4.6 | AI score 9.6 | EPSS 0.0049
Exploits: 0 | References: 15 | Affected Software: 1

Cvelist
added 2014/07/10 10:0 a.m. | 22 views

CVE-2014-4698

Use-after-free vulnerability in ext/spl/splarray.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments...

AI score 8.7 | EPSS 0.00491
Exploits: 0 | References: 13

Cvelist
added 2014/07/10 10:0 a.m. | 27 views

CVE-2014-4670

Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments...

AI score 8.8 | EPSS 0.0049
Exploits: 0 | References: 15

OSV
added 2014/07/04 12:0 a.m. | 0 views

UBUNTU-CVE-2014-4698

Use-after-free vulnerability in ext/spl/splarray.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments...

CVSS 4.6 | AI score 7.2 | EPSS 0.00491
Exploits: 0 | References: 3

Prion
added 2012/05/15 8:55 p.m. | 11 views

Code injection

app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain...

CVSS 5.1 | AI score 7.2 | EPSS 0.01244
Exploits: 0 | References: 5 | Affected Software: 1