Lucene search
+L

241 matches found

CVE
CVE
added 2019/11/04 12:44 p.m.82 views

CVE-2013-4412

CVE-2013-4412 affects slim, with a NULL pointer dereference when using the crypt() function from glibc 2.17. The connected records confirm the description across multiple sources (NVD, OSV, Ubuntu/Debian advisories, and vendor entries), but none provide concrete details on affected versions beyon...

7.5CVSS7.5AI score0.02934EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2019/11/04 12:0 a.m.9 views

PT-2019-6950 · Gnu · Glibc

Name of the Vulnerable Software and Affected Versions: slim affected versions not specified Description: The issue is related to a NULL pointer dereference in slim when using the crypt method from glibc 2.17. Recommendations: At the moment, there is no information about a newer version that...

7.5CVSS7.2AI score0.02934EPSS
Exploits0References12
Packet Storm
Packet Storm
added 2019/04/12 12:0 a.m.62 views

JobSkee Open Source JobBoard 1.1.3 Database Disclosure

Exploit Title : JobSkee Open Source JobBoard 1.1.3 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 12/04/2019 Vendor Homepage : jobskee.com Software Download Link : jobskee.com/download.php Software Information Link :...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2017/09/25 2:56 a.m.48 views

Zomato: Potential server misconfiguration leads to disclosure of vendor/ directory

Hi, Apologies for the weakness label, it was the closest I could find for what appears to be a server misconfiguration. Typically, in MVC frameworks like Slim which I see you are using here, Symfony, Laravel, etc., the front controller is the only thing exposed, leaving vendor/, logs/, and others...

6.9AI score
Exploits0
Veracode
Veracode
added 2017/07/30 4:39 a.m.20 views

Remote Code Execution (RCE)

Slim is vulnerable to Remote Code Execution RCE through PHP Object Injections. A malicious user can inject and execute arbitrary code when deserialising a SessionCookie object...

7.5CVSS7.5AI score0.02497EPSS
Exploits0References5Affected Software1
Openbugbounty
Openbugbounty
added 2017/07/01 3:52 p.m.13 views

minnesota-slim.net XSS vulnerability

Vulnerable URL: http://www.minnesota-slim.net/vu/boot.asp?boot=1"...

6.9AI score
Exploits0
Prion
Prion
added 2017/01/26 5:59 p.m.10 views

Design/Logic Flaw

Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges...

4.6CVSS7.2AI score0.0035EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2017/01/26 5:0 p.m.53 views

CVE-2016-8225

The CVE-2016-8225 entry concerns Lenovo Edge USB Keyboard Driver (also called Lenovo Slim USB Keyboard/Low Profile Keyboard) on Windows. The advisory LEN-11588 indicates a local privilege escalation vulnerability when the driver is prior to version 1.21. The root issue is exposed as a local explo...

7.8CVSS7.7AI score0.0035EPSS
Exploits0References2Affected Software2
0day.today
0day.today
added 2016/10/20 12:0 a.m.23 views

Lenovo Slim USB Keyboard 1.09 Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit Title: Lenovo Slim USB Keyboard - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 1.09 Tested on: Windows 7 Professional The Lenovo Slim USB Keyboard service is installed with an unquote...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2016/10/19 12:0 a.m.14 views

Lenovo Slim USB Keyboard 1.09 - Unquoted Service Path Privilege Escalation

Lenovo Slim USB Keyboard 1.09 - Unquoted Service Path Privilege Escalation Exploit Title: Lenovo Slim USB Keyboard - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 1.09 Tested on: Windows 7 Professional The Lenovo Slim USB Keyboard service is...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2016/10/19 12:0 a.m.36 views

Lenovo Slim USB Keyboard 1.09 - Unquoted Service Path Privilege Escalation

Exploit Title: Lenovo Slim USB Keyboard - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 1.09 Tested on: Windows 7 Professional The Lenovo Slim USB Keyboard service is installed with an unquoted service path. This enables a local privilege escalatio...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/06/16 12:0 a.m.27 views

SlimCMS 0.1 - Cross-Site Request Forgery (Change Admin Password)

Exploit for php platform in category web applications input ty...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/06/16 12:0 a.m.19 views

Slim CMS 0.1 Cross Site Request Forgery

input type="hidden" name="url" value="http://localhost/SlimCMS"...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/06/16 12:0 a.m.19 views

SlimCMS 0.1 - Cross-Site Request Forgery (Change Admin Password)

input typ...

7.4AI score
Exploits0
myhack58
myhack58
added 2016/03/24 12:0 a.m.41 views

the php framework slim architecture on the presence of the XXE vulnerability, XXE typically present in the form of-vulnerability warning-the black bar safety net

Modern cms framework laraval/symfony/slim, leading to today's php vulnerability appears point, principle, using method, has undergone some changes, this series can hope to summarize their excavation of such a cms vulnerability. slim is one of the design ideas ahead of the well-known of php light...

7.4AI score
Exploits0
NVD
NVD
added 2015/03/30 2:59 p.m.29 views

CVE-2015-2171

Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data...

7.5CVSS7.7AI score0.02497EPSS
Exploits0References4
Prion
Prion
added 2015/03/30 2:59 p.m.20 views

Design/Logic Flaw

Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data...

7.5CVSS8.2AI score0.02497EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2015/03/30 2:0 p.m.37 views

CVE-2015-2171

Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data...

7.6AI score0.02497EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2015/03/30 2:0 p.m.69 views

CVE-2015-2171

Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data...

7.5CVSS7.6AI score0.02497EPSS
Exploits0References4
CVE
CVE
added 2015/03/30 2:0 p.m.74 views

CVE-2015-2171

CVE-2015-2171 affects the Slim PHP framework; vulnerable component is Middleware/SessionCookie.php in Slim before 2.6.0. The issue allows remote attackers to perform PHP object injection via crafted session data, enabling arbitrary code execution on the server. The root cause is deserialization o...

7.5CVSS7.8AI score0.02497EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder