17 matches found

ATTACKERKB
added 2026/04/14 8:39 p.m., 3 views

CVE-2026-25125

October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side information disclosure vulnerability in the INI settings parser. Because PHP's parse_ini_string function supports $ syntax for environment variable interpolation, attackers with...

4.9 CVSS | 5.8 AI score | 0.00326 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/05/08 2:15 a.m., 5 views

AZL-40346 CVE-2024-2746 affecting package dnf5 for versions less than 5.1.11-3

Incomplete fix for CVE-2024-1929. The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user-controlled "plugin". All of this happened before Polkit...

8.8 CVSS | 5.9 AI score | 0.00213 EPSS
Exploits: 1 | References: 1
SUSE CVE
added 2023/02/15 4:42 a.m., 1 views

SUSE CVE-2017-11628

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input...

7 CVSS | 9.1 AI score | 0.03365 EPSS
Exploits: 0 | References: 7
OSV
added 2022/07/26 12:1 a.m., 6 views

GHSA-7VRV-5M2H-RJW9 ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`

This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with `parse`, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS | 5.9 AI score | 0.00787 EPSS
Exploits: 1 | References: 2
CNNVD
added 2022/07/25 12:0 a.m., 3 views

js-ini Security Vulnerability

js-ini is a Node.js package for encoding/decoding ini-like strings from the Russian individual developer Denis. A security vulnerability exists in versions of js-ini prior to 1.3.0 that stems from the package's susceptibility to prototype contamination, which can be exploited by an attacker to...

9.8 CVSS | 8.2 AI score | 0.00984 EPSS
Exploits: 1 | References: 3
RedHat Linux
added 2021/08/26 10:18 a.m., 3 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS | 7.3 AI score | 0.03612 EPSS
Exploits: 1 | References: 4
RedHat Linux
added 2021/02/16 2:25 p.m., 1 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS | 7.3 AI score | 0.03612 EPSS
Exploits: 1 | References: 4
Snyk
added 2021/01/29 3:1 p.m., 3 views

Prototype Pollution

Overview: iniparserjs is an ini style file parser for node. Affected versions of this package are vulnerable to Prototype Pollution. This vulnerability relates when iniparser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototy...

6.8 CVSS | 6.6 AI score | 0.00982 EPSS
Exploits: 1 | References: 2
Debian CVE
added 2020/12/11 10:45 a.m., 28 views

CVE-2020-7788

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS | 7.5 AI score | 0.03612 EPSS
Exploits: 1
CNNVD
added 2020/12/11 12:0 a.m., 7 views

npm Ini Resource Management Error Vulnerability

npm Ini is a JavaScript-based code library for parsing and serializing Ini format files from the US-based npm Inc. A resource management error vulnerability exists in npm Ini 1.3.6, which allows an attacker to exploit the vulnerability by submitting a malicious INI file to an application that wil...

9.8 CVSS | 6.8 AI score | 0.03612 EPSS
Exploits: 1 | References: 21
Node.js
added 2020/12/09 10:25 p.m., 23 views

Prototype Pollution

Overview: ini before version 1.3.6 has a Prototype Pollution vulnerability. Impact: If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. Patches: This h...

6.7 AI score
Exploits: 0 | Affected Software: 1
Snyk
added 2020/12/08 1:2 p.m., 2 views

Prototype Pollution

Overview: js-ini is a parsing and serialize ini files. Affected versions of this package are vulnerable to Prototype Pollution. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further...

9.8 CVSS | 9 AI score | 0.00984 EPSS
Exploits: 1 | References: 2
Debian
added 2018/01/08 10:33 p.m., 64 views

[SECURITY] [DSA 4081-1] php5 security update

Debian Security Advisory DSA-4081-1, https://www.debian.org/security/, Moritz Muehlenhoff, January 08, 2018, https://www.debian.org/security/faq ...

9.8 CVSS | 10 AI score | 0.26373 EPSS
Exploits: 2
OSV
added 2017/08/10 3:26 p.m., 7 views

USN-3382-1 php5, php7.0 vulnerabilities

It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8994) It was discovered that the PHP...

9.8 CVSS | 7 AI score | 0.07511 EPSS
Exploits: 7 | References: 14
OSV
added 2017/07/25 12:0 a.m., 3 views

UBUNTU-CVE-2017-11628

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input...

7.8 CVSS | 7.5 AI score | 0.03365 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2017/07/13 12:0 a.m., 2852 views

PHP 5.6.x < 5.6.31 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.31. It is, therefore, affected by the following vulnerabilities: - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath function within file pcre_jit_compile.c. An...

9.8 CVSS | 7.3 AI score | 0.08255 EPSS
Exploits: 5 | References: 14
Hacker One
added 2017/07/12 9:21 a.m., 128 views

Internet Bug Bounty: PHP INI Parsing Stack Buffer Overflow Vulnerability

Description: A stack buffer overflow exists in the latest stable release of PHP-7.1.5 and PHP-5.6.30 in PHP INI parsing API, which may accept network / local filesystem input. On malformed inputs, a stack buffer overflow in zend_ini_do_op could write 1-byte off a fixed size stack buffer. On...

6.8 CVSS | 8.8 AI score | 0.03365 EPSS
Exploits: 0