17 matches found
CVE-2026-25125
October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side information disclosure vulnerability in the INI settings parser. Because PHP's parseinistring function supports $ syntax for environment variable interpolation, attackers with...
AZL-40346 CVE-2024-2746 affecting package dnf5 for versions less than 5.1.11-3
Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...
SUSE CVE-2017-11628
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input...
GHSA-7VRV-5M2H-RJW9 ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
js-ini 安全漏洞
js-ini is a Node.js package for encoding/decoding ini-like strings from the Russian individual developer Denis. A security vulnerability exists in versions of js-ini prior to 1.3.0 that stems from the package's susceptibility to prototype contamination, which can be exploited by an attacker to...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
Prototype Pollution
Overview iniparserjs is an ini style file parser for node Affected versions of this package are vulnerable to Prototype Pollution. This vulnerability relates when iniparser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototy...
CVE-2020-7788
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
npm Ini Resource Management Error Vulnerability
npm Ini is a Javascript-based code library for parsing and serializing Ini format files from the US-based npm Inc. A resource management error vulnerability exists in npm Ini 1.3.6, which allows an attacker to exploit the vulnerability by submitting a malicious INI file to an application that wil...
Prototype Pollution
Overview ini before version 1.3.6 has a Prototype Pollution vulnerability. Impact If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. Patches This h...
Prototype Pollution
Overview js-ini is a parsing and serialize ini files Affected versions of this package are vulnerable to Prototype Pollution. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further...
[SECURITY] [DSA 4081-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4081-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2018 https://www.debian.org/security/faq -...
USN-3382-1 php5, php7.0 vulnerabilities
It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. CVE-2015-8994 It was discovered that the PHP...
UBUNTU-CVE-2017-11628
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input...
PHP 5.6.x < 5.6.31 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.31. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compilebracketmatchingpath function within file pcrejitcompile.c. An...
Internet Bug Bounty: PHP INI Parsing Stack Buffer Overflow Vulnerability
Description: A stack buffer overflow exists in the latest stable release of PHP-7.1.5 and PHP-5.6.30 in PHP INI parsing API, which may accept network / local filesystem input. On malformed inputs, a stack buffer overflow in zendinidoop could write 1-byte off a fixed size stack buffer. On...