257 matches found
EUVD-2004-0696
Malware in sbrugna...
EUVD-2007-1365
Malware in sbrugna...
EUVD-2010-4690
Malware in sbrugna...
EUVD-2023-54399
Malicious code in bioql PyPI...
Craft CMS Code Injection Vulnerability
Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has registerargcargv enabled...
Remote Code Execution (RCE)
craftcms/cms is vulnerable to Remote Code Execution RCE. The vulnerability is due to the registerargcargv directive being enabled in the php.ini configuration, which allows an attacker to execute arbitrary code on the affected system remotely...
CVE-2024-56145
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has registerargcargv enabled. For these users an unspecified remote code execution vector is present...
CVE-2024-56145
Craft CMS is affected by CVE-2024-56145 due to a code execution vector triggered when php.ini register_argc_argv is enabled. Reports indicate an RCE vulnerability exists in affected versions, with remediation via upgrading to Craft CMS 3.9.14, 4.13.2, or 5.5.2. If upgrading is not possible, the r...
CVE-2024-56145 RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has registerargcargv enabled. For these users an unspecified remote code execution vector is present...
CVE-2024-56145
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has registerargcargv enabled. For these users an unspecified remote code execution vector is present...
CVE-2023-6971
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of...
Design/Logic Flaw
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of...
Fedora 38 : composer (2023-f3dedfef46)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f3dedfef46 advisory. Version 2.6.5 - 2023-10-06 Fixed error when vendor dir contains broken symlinks 11670 Fixed composer.lock missing from Composer's zip archives 11674...
Fedora 37 : composer (2023-275c12e496)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-275c12e496 advisory. Version 2.6.5 - 2023-10-06 Fixed error when vendor dir contains broken symlinks 11670 Fixed composer.lock missing from Composer's zip archives 11674...
SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2023:4041-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4041-1 advisory. - Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the...
Remote Code Execution (RCE)
Composer is vulnerable to Remote Code Execution. This vulnerability is due when the composer.phar file is published to a publicly-accessible server and registerargcargv is enabled in php.ini. This can allow an attacker to execute remote code in the server...
Remote Code Execution (RCE)
composer/composer is vulnerable to Remote Code Execution RCE. The vulnerability exists because the registerargcargv is not properly disabled in php.ini, which allows an attacker to inject and execute malicious code through the malicious composer.phar file when publishing a composer.phar to a publ...
CVE-2023-43655
Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22 an...
CVE-2023-43655
Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22 an...
PT-2023-9221 · Composer +6 · Composer +6
Name of the Vulnerable Software and Affected Versions: Composer versions prior to 1.10.27 Composer versions prior to 2.2.22 Composer versions prior to 2.6.4 Description: The issue is related to the Composer dependency manager for PHP. Users publishing a composer.phar to a public web-accessible...