Lucene search
K

111 matches found

debiancve
debiancve
added 2018/09/14 8:0 p.m.83 views

CVE-2018-17057

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.8CVSS9.6AI score0.26172EPSS
Exploits7
friendsofphp
friendsofphp
added 2018/09/14 3:26 p.m.19 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
ptsecurity
ptsecurity
added 2018/09/14 12:0 a.m.3 views

PT-2018-13869 · Tcpdf · Tcpdf

Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.2.22 Description: An issue allows attackers to trigger deserialization of arbitrary data via the phar:// wrapper. Recommendations: For versions prior to 6.2.22, update to version 6.2.22 or later to resolve the issue...

9.8CVSS9.4AI score0.26172EPSS
Exploits7References21
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.31 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment I'm afraid this change is wrong. fileexists is not the only...

7.5CVSS2.9AI score0.26172EPSS
Exploits7Affected Software1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.34 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment I'm afraid this change is wrong. fileexists is not the only...

7.5CVSS2.9AI score0.26172EPSS
Exploits7Affected Software1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.38 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment I'm afraid this change is wrong. fileexists is not the only...

7.5CVSS2.9AI score0.26172EPSS
Exploits7Affected Software1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.57 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.25 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.22 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.20 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment I'm afraid this change is wrong. fileexists is not the only...

7.5CVSS2.9AI score0.26172EPSS
Exploits7Affected Software1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.29 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
Rows per page
Query Builder