Lucene search
+L

241 matches found

CNVD
CNVD
added 2015/03/11 12:0 a.m.9 views

Slim PHP Framework 'SessionCookie.php' Remote PHP Object Injection Vulnerability

Slim PHP Framework is an American software developer Josh Lockhart developed a set of miniature PHP5 framework , it can be used to create RESTful Web applications and APIs. A remote PHP object injection vulnerability exists in Slim PHP Framework 2.5.0 and earlier versions. An attacker can exploit...

7.5CVSS7.5AI score0.02497EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2015/03/01 9:13 a.m.147 views

PHP object injection attack vulnerability in Slim.

https://github.com/slimphp/Slim/blob/master/Slim/Middleware/SessionCookie.phpL127 Generally, it's a bad idea to blindly unserialize user-controllable input. https://www.owasp.org/index.php/PHPObjectInjection EDIT - for people who don't want to read the whole thread: The SessionCookie class is not...

7.5CVSS6.2AI score0.02497EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/03/01 9:13 a.m.21 views

PHP object injection attack vulnerability in Slim.

https://github.com/slimphp/Slim/blob/master/Slim/Middleware/SessionCookie.phpL127 Generally, it's a bad idea to blindly unserialize user-controllable input. https://www.owasp.org/index.php/PHPObjectInjection EDIT - for people who don't want to read the whole thread: The SessionCookie class is not...

7.5CVSS6AI score0.02497EPSS
Exploits0Affected Software1
Gentoo Linux
Gentoo Linux
added 2014/12/11 12:0 a.m.61 views

Multiple packages, Multiple vulnerabilities fixed in 2010

Background For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Description Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module...

9.8CVSS10AI score0.43382EPSS
Exploits23
Tenable Nessus
Tenable Nessus
added 2013/11/12 12:0 a.m.36 views

Fedora 20 : libvirt-1.1.3.1-1.fc20 (2013-20869)

Rebased to version 1.1.3.1 - CVE-2013-4400: virt-login-shell arbitrary file overwrites vulnerability bz 1015228, bz 1025685 - Fix possible domain disappearance on libvirtd crash bz 1015246 - Fix LXC container startup failure bz 1014847 - Slim down libvirt LXC dependencies bz 1012198 Note that...

7.2CVSS7.2AI score0.00352EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2012/06/25 12:0 a.m.93 views

Slim PDF Reader 1.0 Memory Corruption

Exploit Title: Date: June 24 2012 Exploit Author: Carlos Mario Penagos Hollmann Vendor Homepage: www.investintech.com Version:1.0 Tested on: Windows 7 CVE : cve-2011-4220 payload ="A"10000 crash="startxref" pdf=payload+crash filename = "slimpdPoC.pdf" file = openfilename,"w" file.writelinespdf...

9.3CVSS0.8AI score0.07379EPSS
Exploits5
OpenVAS
OpenVAS
added 2010/12/02 12:0 a.m.17 views

Fedora Update for slim FEDORA-2010-13843

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.9CVSS9.5AI score0.00297EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2010/12/02 12:0 a.m.20 views

Fedora Update for slim FEDORA-2010-13843

Check for the Version of slim OpenVAS Vulnerability Test Fedora Update for slim FEDORA-2010-13843 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

6.9CVSS0.00297EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2010/09/10 12:0 a.m.19 views

Fedora Update for slim FEDORA-2010-13890

Check for the Version of slim OpenVAS Vulnerability Test Fedora Update for slim FEDORA-2010-13890 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

6.9CVSS0.00464EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2010/09/10 12:0 a.m.19 views

Fedora Update for slim FEDORA-2010-13897

Check for the Version of slim OpenVAS Vulnerability Test Fedora Update for slim FEDORA-2010-13897 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

6.9CVSS0.00464EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2010/09/10 12:0 a.m.18 views

Fedora Update for slim FEDORA-2010-13897

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.9CVSS9.5AI score0.00464EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2010/09/10 12:0 a.m.17 views

Fedora Update for slim FEDORA-2010-13890

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.9CVSS9.5AI score0.00464EPSS
Exploits1References2
Fedora
Fedora
added 2010/09/09 4:35 a.m.23 views

[SECURITY] Fedora 14 Update: slim-1.3.2-2.fc14

SLiM Simple Login Manager is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which...

6.9CVSS2AI score0.00297EPSS
Exploits0
Fedora
Fedora
added 2010/09/09 1:25 a.m.43 views

[SECURITY] Fedora 13 Update: slim-1.3.2-2.fc13

SLiM Simple Login Manager is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which...

6.9CVSS2AI score0.00464EPSS
Exploits1
Fedora
Fedora
added 2010/09/09 1:15 a.m.71 views

[SECURITY] Fedora 12 Update: slim-1.3.2-2.fc12

SLiM Simple Login Manager is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which...

6.9CVSS2AI score0.00464EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2010/09/09 12:0 a.m.20 views

Fedora 12 : slim-1.3.2-2.fc12 (2010-13897)

updateslimwmlist RE fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

6.9CVSS5.3AI score0.00297EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2010/09/09 12:0 a.m.26 views

Fedora 14 : slim-1.3.2-2.fc14 (2010-13843)

updateslimwmlist RE fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

6.9CVSS5.3AI score0.00297EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2010/09/09 12:0 a.m.20 views

Fedora 13 : slim-1.3.2-2.fc13 (2010-13890)

updateslimwmlist RE fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

6.9CVSS5.3AI score0.00297EPSS
Exploits0References3
NVD
NVD
added 2010/08/30 8:0 p.m.18 views

CVE-2010-2945

The default configuration of SLiM before 1.3.2 places ./ dot slash at the beginning of the defaultpath option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp...

6.9CVSS6.3AI score0.00297EPSS
Exploits0References4
OSV
OSV
added 2010/08/30 8:0 p.m.2 views

DEBIAN-CVE-2010-2945

The default configuration of SLiM before 1.3.2 places ./ dot slash at the beginning of the defaultpath option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp...

6.9CVSS7.1AI score0.00297EPSS
Exploits0References1
Rows per page
Query Builder