3 matches found
TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
Problem Local platform users who can write to TYPO3’s mail‑file spool directory can craft a file that the system will automatically deserialize without any class restrictions. This flaw allows an attacker to inject and execute arbitrary PHP code in the public scope of the web server. The...
Deserialization of Untrusted Data
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to deserialization of files without any class restrictions. A local attacker can execute arbitrary PHP code by crafting a...
CVE-2002-1509
A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group mode 660, which allows other users in the same group to read or modify the new user's incoming email...