13 matches found
EUVD-2021-11785
Malware in sbrugna...
EUVD-2021-30477
Malicious code in bioql PyPI...
BIT-SYMFONY-2023-46734
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use issafe=html but don't actually ensure their input is safe. As of...
CVE-2023-46734
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use issafe=html but don't actually ensure their input is safe. As of...
DEBIAN-CVE-2023-46734
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use issafe=html but don't actually ensure their input is safe. As of...
UBUNTU-CVE-2023-46734
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use issafe=html but don't actually ensure their input is safe. As of...
CVE-2023-46734
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use issafe=html but don't actually ensure their input is safe. As of...
CVE-2023-46734 Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use issafe=html but don't actually ensure their input is safe. As of...
CVE-2023-30552 SQL injection in sql/instance.py endpoint in Archery - GHSL-2022-101
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sql/instance.py endpoint's describe method. In several cases, user...
PT-2023-22779 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery affected versions not specified Description: The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. The issue arises from the sql/instance.py endpoint's describ...
PT-2023-6422 · Unknown +3 · Active Record +3
Name of the Vulnerable Software and Affected Versions: ActiveRecord versions 6.0.0 through 6.0.6, versions 6.1.0 through 6.1.7, and versions 7.0.0 through 7.0.4 Description: A vulnerability in ActiveRecord is related to the sanitization of comments, which may allow an attacker to inject SQL outsi...
nodejs: Prototype pollution via console.table properties
Due to the formatting logic of the "console.table" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "proto". The prototype pollution has...
Open Business Management 1.0.3 pl1 group_index.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to t...