5177 matches found
XWiki Remote Code Execution
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifyi...
GHSA-H5JM-JJGX-Q2WF XWiki Remote Code Execution
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifyi...
CVE-2022-22521
In Miele Benchmark Programming Tool with versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with user privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin...
CVE-2022-22521 Privilege Escalation in Miele Benchmark Programming Tool
In Miele Benchmark Programming Tool with versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with user privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin...
CVE-2022-22521
CVE-2022-22521 affects the Miele Benchmark Programming Tool. Versions prior to 1.2.71 allow an attacker with low privileges to cause a user with administrative privileges to execute manipulated executables, enabling privilege escalation. The issue is documented across multiple sources (NVD/NVD CV...
Miele Benchmark Programming Tool 1.1.49 / 1.2.71 Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory. title: Privilege Escalation; product: Miele Benchmark Programming Tool; vulnerable version: at least 1.1.49 and 1.2.71; fixed version: 1.2.72; CVE number: CVE-2022-22521; impact:...
The vulnerability of the PHP programming language interpreter, related to privilege management errors, allows attackers to bypass the protection mechanisms defined by open_basedir.
The vulnerability of the PHP programming language interpreter and the SQLite database management system is related to privilege management errors. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms defined by open_basedir...
The vulnerability of the php_quot_print_encode function in the PHP programming language allows a perpetrator to cause a service failure.
The vulnerability of the php_quot_print_encode function in the PHP programming language is caused by buffer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the PHP programming language interpreter arises from insufficient validation of input data, allowing attackers to trigger service failures.
The vulnerability of the PHP programming language interpreter exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the `_php_stream_scandir` function in the PHP programming language allows a hacker to execute arbitrary code.
The vulnerability of the `_php_stream_scandir` function in the PHP programming language is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Miele Benchmark Programming Tool Security Vulnerability
Miele Benchmark Programming Tool is a desktop application from Miele Germany. It allows users to easily edit washing machine and tumble dryer programs and machine settings on their Miele Professional devices. A security vulnerability exists in Miele Benchmark Programming Tool versions prior to...
The vulnerability of the PDORow implementation in the PHP programming language interpreter allows attackers to trigger a service failure.
The vulnerability of the PDORow implementation in the PHP programming language exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...
The vulnerability of the file_exists function in the PHP programming language allows attackers to circumvent existing security restrictions.
The vulnerability of the file_exists function in the PHP programming language exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to bypass existing security restrictions remotely...
python-suds bug fix and enhancement update
The suds project is a python soap web services client lib. Suds leverages python meta programming to provide an intuitive API for consuming web services. Objectification of types defined in the WSDL is provided without class generation. Programmers rarely need to read the WSDL since services and...
The vulnerability of the ext/phar/tar.c component of the PHP programming language interpreter allows an attacker to trigger a service failure or possibly cause other adverse effects.
The vulnerability of the ext/phar/tar.c component in the PHP programming language arises due to buffer overflow. Exploiting this vulnerability can allow an attacker to cause service interruptions or potentially have other effects using a specially created .TAR archive...
The vulnerability of the mcrypt extension in the PHP programming language interpreter allows a hacker to trigger a service failure or possibly cause other effects.
The vulnerability of the mcrypt extension in the PHP programming language interpreter is caused by a numerical overflow condition. Exploiting this vulnerability could allow an attacker to cause service failures or potentially have other adverse effects...
The vulnerability of the phar_parse_pharfile function in the PHP programming language allows a hacker to trigger a service failure.
The vulnerability of the phar_parse_pharfile function in the PHP programming language is caused by a numerical overflow condition. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the phar_parse_zipfile function in the PHP programming language allows a hacker to trigger a service failure.
The vulnerability of the phar_parse_zipfile function in ext/phar/zip.c in the PHP programming language is related to errors in number processing. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
The vulnerability of the php_zip.c component of the PHP programming language interpreter allows an attacker to execute arbitrary PHP code or cause a service failure.
The vulnerability of the php_zip.c component of the PHP programming language interpreter relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary PHP code or cause a service failure by using specially created serialized data containing a...
GSD-2022-1002026 watch_queue: Free the page array when watch_queue is dismantled
watch_queue: Free the page array when watch_queue is dismantled. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...