
10 matches found

ATTACKERKB
added 2022/06/10 8:0 p.m. · 2 views

CVE-2022-24376

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue...

CVSS 9.8 · AI score 7.3 · EPSS 0.02518
Exploits 1 · References 3
Positive Technologies
added 2022/06/10 12:0 a.m. · 2 views

PT-2022-16654 · Unknown · Git-Promise

Name of the Vulnerable Software and Affected Versions: git-promise versions all
Description: The issue is related to Command Injection due to an inappropriate fix of a prior vulnerability in the git-promise package. The README file was updated with a warning regarding this issue. It is noted that...

CVSS 9.8 · AI score 9.4 · EPSS 0.02518
Exploits 1 · References 7
OSV
added 2022/05/17 2:36 a.m. · 20 views

GHSA-J8MX-X32R-5RF4 phpMyAdmin XSS Vulnerability

An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are...

CVSS 6.1 · AI score 5.7 · EPSS 0.00258
Exploits 0 · References 4
Snyk
added 2022/03/28 10:53 a.m. · 1 views

Command Injection

Overview: git-promise is a simple wrapper that allows you to run any git command using a more intuitive syntax. Affected versions of this package are vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will...

CVSS 9.8 · AI score 7.2 · EPSS 0.02518
Exploits 1 · References 2
Tenable Nessus
added 2018/07/02 12:0 a.m. · 23 views

Debian DLA-1408-1 : simplesamlphp security update

CVE-2017-12872 / CVE-2017-12868: The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret...

CVSS 9.8 · AI score 7.4 · EPSS 0.00764
Exploits 0 · References 4
NVD
added 2016/12/11 2:59 a.m. · 15 views

CVE-2016-9856

An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are...

CVSS 6.1 · AI score 5.4 · EPSS 0.00258
Exploits 0 · References 3
Prion
added 2016/12/11 2:59 a.m. · 23 views

Race condition

An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are...

CVSS 4.3 · AI score 5.9 · EPSS 0.00269
Exploits 0 · References 3 · Affected Software 1
Debian CVE
added 2016/12/11 2:0 a.m. · 22 views

CVE-2016-9856

An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are...

CVSS 6.1 · AI score 6 · EPSS 0.00258
Exploits 0
Cvelist
added 2016/12/11 2:0 a.m. · 18 views

CVE-2016-9856

An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are...

AI score 5.8 · EPSS 0.00258
Exploits 0 · References 3
seebug.org
added 2014/09/22 12:0 a.m. · 15 views

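FengCMS: improper fix leads to getshell

Brief description: An improper fix in FengCMS leads to getshell. This is an improper-fix issue and does not duplicate the others - -, and I sincerely apologize for the inconvenience caused to the reviewers. Details: I previously submitted a report that duplicated the "WooYun: FengCMS new version reinstall" vulnerability. Looking at it again now, I found that the fix is flawed, and the install directory is not deleted automatically by default, so getshell is still possible! header("Content-type:text/html;charset=utf-8"); define("TPLINCLUDE",1); // define the current path define('ABSPATH',dirname(__FILE__)); define('ROOTPATH',dirname(ABSPATH...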

AI score 7.1
Exploits 0