30 matches found

Snyk
added 2026/05/21 8:22 p.m. | 5 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the constructor when the binary path is sourced from user-influenced configuration, environment variables derived from request data, or concatenated with user-controlled fragments. An attacker can execute arbitrary...

CVSS 7.5 | AI score 6
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-45938

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.2 | EPSS 0.0074
Exploits: 0 | References: 3

Github Security Blog
added 2025/05/13 8:2 p.m. | 10 views

Kirby vulnerable to path traversal of collection names during file system lookup

TL;DR This vulnerability affects all Kirby sites that use the collection helper or $kirby-collection method with a dynamic collection name such as a collection name that depends on request or user data. Sites that only use fixed calls to the collection helper/$kirby-collection method i.e. calls...

CVSS 9.1 | AI score 6.6 | EPSS 0.00771
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2024/11/15 4:30 p.m. | 20 views

CVE-2024-52525 Nextcloud Server User password is available in memory of the PHP process

Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage Redis or disk, but it would allow a malicious process that gains access to t...

CVSS 1.8 | EPSS 0.0074
Exploits: 0 | References: 3

CVE
added 2024/11/15 4:30 p.m. | 59 views

CVE-2024-52525

CVE-2024-52525 – Nextcloud Server : The vulnerability concerns how the server handles user passwords in memory. Under certain conditions, a user password could be stored unencrypted in the PHP process memory; although session data is encrypted when stored in Redis or disk, a malicious process wit...

CVSS 7.5 | AI score 3.7 | EPSS 0.0074
Exploits: 0 | References: 3 | Affected Software: 1

Nextcloud
added 2024/11/15 1:7 p.m. | 12 views

User password is available in memory of the PHP process

None...

CVSS 7.5 | AI score 5.1 | EPSS 0.0074
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/06/26 4:30 a.m. | 13 views

Denial Of Service (DoS)

typo3/cms is vulnerable to Denial of Service DoS. The vulnerability is due to handling large .youtube and .vimeo files in the backend, leading to high consumption of system resources and exceeding PHP process limits, resulting in a dysfunctional backend component...

AI score 7
Exploits: 0

Github Security Blog
added 2024/05/30 3:33 p.m. | 9 views

TYPO3 Denial of Service in Online Media Asset Handling

Online Media Asset Handling .youtube and .vimeo files in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

AI score 7
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2024/05/30 3:33 p.m. | 8 views

GHSA-29M4-MX89-3MJG TYPO3 Denial of Service in Online Media Asset Handling

Online Media Asset Handling .youtube and .vimeo files in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

CVSS 5.3 | AI score 7
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 5:16 a.m. | 5 views

SUSE CVE-2015-5161

The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...

CVSS 6.8 | AI score 7.1 | EPSS 0.39093
Exploits: 7 | References: 4

0day.today
added 2022/01/05 12:0 a.m. | 194 views

RiteCMS 3.1.0 - Arbitrary File Deletion (Authenticated) Vulnerability

Exploit Title: RiteCMS 3.1.0 - Arbitrary File Deletion Authenticated Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0 Google Dork:...

AI score 0.3
Exploits: 0

0day.today
added 2022/01/05 12:0 a.m. | 231 views

RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated) Vulnerability

Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: Browse.. 4. Upload any fi...

AI score 0.6
Exploits: 0

Exploit DB
added 2022/01/05 12:0 a.m. | 301 views

RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated)

Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: Browse...

AI score 7.4
Exploits: 0

0day.today
added 2021/07/26 12:0 a.m. | 135 views

XOS Shop 1.0.9 - (Multiple) Arbitrary File Deletion (Authenticated) Vulnerability

Exploit Title: XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion Authenticated Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://xos-shop.com Software Link: https://github.com/XOS-Shop/xosshopsystem/releases/tag/v1.0.9 Version: 1.0.9 Tested on: Windows 10, XAMP...

AI score 0.2
Exploits: 0

Exploit DB
added 2021/07/26 12:0 a.m. | 371 views

XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion (Authenticated)

Exploit Title: XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion Authenticated Date: 2021-07-25 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://xos-shop.com Software Link: https://github.com/XOS-Shop/xosshopsystem/releases/tag/v1.0.9 Version: 1.0.9 Tested on:...

AI score 7.4
Exploits: 0

OSV
added 2021/06/22 3:17 p.m. | 26 views

GHSA-7Q44-R25X-WM4Q Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows

PHPMailer 6.4.1 contains a possible remote code execution vulnerability through the $langpath parameter of the setLanguage method. If the $langpath parameter is passed unfiltered from user input, it can be set to a UNC path, and if an attacker is also able to create a remote mount on the server...

CVSS 8.1 | AI score 8.2 | EPSS 0.02108
Exploits: 1 | References: 8

OpenVAS
added 2020/01/23 12:0 a.m. | 41 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2018-1224)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.1 | EPSS 0.52703
Exploits: 0 | References: 2

FreeBSD
added 2018/12/11 12:0 a.m. | 23 views

typo3 -- multiple vulnerabilities

Typo3 core team reports: CKEditor 4.11 fixes an XSS vulnerability in the HTML parser reported by maxarr. The vulnerability stemmed from the fact that it was possible to execute XSS inside the CKEditor source area after persuading the victim to: i switch CKEditor to source mode, then ii paste a...

AI score 5.3
Exploits: 0 | References: 1

Typo3
added 2018/12/11 12:0 a.m. | 8 views

Denial of Service in Online Media Asset Handling

Online Media Asset Handling .youtube and .vimeo files in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

AI score 6.6
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2018/01/17 12:0 a.m. | 16 views

Fedora 27 : php (2018-d034538627)

PHP version 7.1.13 04 Jan 2018 Core: - Fixed bug php75573 Segmentation fault in 7.1.12 and 7.0.26. Laruence - Fixed bug php75384 PHP seems incompatible with OneDrive files on demand. Anatol - Fixed bug php74862 Unable to clone instance when private clone defined. Daniel Ciochiu - Fixed bug php750...

AI score 5.8
Exploits: 0 | References: 1