Lucene search

8 matches found

Japan Vulnerability Notes
added 2023/10/16 7:11 a.m. | 3 views

web2py vulnerable to OS command injection

Overview: web2py web application framework contains an OS command injection vulnerability (CWE-78). Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: When web2py is configured to u...

CVSS 9.8 | AI score 7.6 | EPSS 0.15027
Exploits: 0 | References: 7
vulnersOsv
added 2022/07/13 12:0 a.m. | 0 views

acido (>=0.16.0 <=0.53.0), adx-logging-handler (>=1.0.0 <=1.0.3) +105 more potentially affected by CVE-2022-30187 via azure-storage-queue (>=0.37.0 <=12.3.0)

azure-storage-queue PYPI version =0.37.0, =0.16.0, =1.0.0, =2.13.1.post2, =0.2.0, =2.3.1, =1.2.0, =0.1.0, =1.0.0, =0.1.5, =0.1.0, =0.5.10, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2022-30187 Source advisory: OSV:GHSA-64X4-9HC6-R2H6...

CVSS 4.7 | AI score 6.3 | EPSS 0.00268
Exploits: 0
OSV
added 2022/03/11 12:2 a.m. | 0 views

GHSA-727H-HRW8-JG8Q Path traversal in org.postgresql:postgresql

In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...

CVSS 9.8 | AI score 7.2 | EPSS 0.01277
Exploits: 0 | References: 7
Veracode
added 2020/01/28 5:4 a.m. | 18 views

CRLF Injection

simplesamlphp/simplesamlphp is vulnerable to CRLF injection. The vulnerability exists as the file logging handler is configured to be used with simplesamlphp, allowing the unsanitized values of reportID to be used to inject newline characters into logs...

CVSS 5.4 | AI score 2.2 | EPSS 0.00173
Exploits: 0 | References: 3 | Affected Software: 1
UbuntuCve
added 2020/01/24 9:15 p.m. | 15 views

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

CVSS 5.5 | AI score 6 | EPSS 0.00173
Exploits: 0 | References: 3
Debian CVE
added 2020/01/24 8:55 p.m. | 13 views

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

CVSS 5.5 | AI score 5.6 | EPSS 0.00173
Exploits: 0
Tenable Nessus
added 2006/01/15 12:0 a.m. | 16 views

Ubuntu 4.10 / 5.04 / 5.10 : libgda2 vulnerability (USN-212-1)

Steve Kemp discovered two format string vulnerabilities in the logging handler of the Gnome database access library. Depending on the application that uses the library, this could have been exploited to execute arbitrary code with the permission of the user running the application. Note that...

CVSS 7.5 | AI score 5.9 | EPSS 0.01683
Exploits: 0 | References: 1
Ubuntu
added 2005/10/28 10:38 p.m. | 46 views

USN-212-1: libgda2 vulnerability

Steve Kemp discovered two format string vulnerabilities in the logging handler of the Gnome database access library. Depending on the application that uses the library, this could have been exploited to execute arbitrary code with the permission of the user running the application...

CVSS 7.5 | AI score 5.7 | EPSS 0.01683
Exploits: 0