5 matches found
SUSE CVE-2020-28948
ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...
Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked
ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...
Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...
VulnCheck KEV: CVE-2020-28949
PEAR ArchiveTar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as...
UBUNTU-CVE-2021-33816
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shellexec are blocked but backticks are not blocked...