Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads

The eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled, and consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper. 1. WEB SERVER CONFIGURATION The sample web server configuration in our documentation can in...

Privilege Escalation

cyrus-imapd is vulnerable to privilege escalation. An attacker is able to obtain additional privileges due to an insecure interpretation of HTTP requests during authentication...