241 matches found
Slim PHP Framework 'SessionCookie.php' Remote PHP Object Injection Vulnerability
Slim PHP Framework is an American software developer Josh Lockhart developed a set of miniature PHP5 framework , it can be used to create RESTful Web applications and APIs. A remote PHP object injection vulnerability exists in Slim PHP Framework 2.5.0 and earlier versions. An attacker can exploit...
PHP object injection attack vulnerability in Slim.
https://github.com/slimphp/Slim/blob/master/Slim/Middleware/SessionCookie.phpL127 Generally, it's a bad idea to blindly unserialize user-controllable input. https://www.owasp.org/index.php/PHPObjectInjection EDIT - for people who don't want to read the whole thread: The SessionCookie class is not...
PHP object injection attack vulnerability in Slim.
https://github.com/slimphp/Slim/blob/master/Slim/Middleware/SessionCookie.phpL127 Generally, it's a bad idea to blindly unserialize user-controllable input. https://www.owasp.org/index.php/PHPObjectInjection EDIT - for people who don't want to read the whole thread: The SessionCookie class is not...
Multiple packages, Multiple vulnerabilities fixed in 2010
Background For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Description Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module...
Fedora 20 : libvirt-1.1.3.1-1.fc20 (2013-20869)
Rebased to version 1.1.3.1 - CVE-2013-4400: virt-login-shell arbitrary file overwrites vulnerability bz 1015228, bz 1025685 - Fix possible domain disappearance on libvirtd crash bz 1015246 - Fix LXC container startup failure bz 1014847 - Slim down libvirt LXC dependencies bz 1012198 Note that...
Slim PDF Reader 1.0 Memory Corruption
Exploit Title: Date: June 24 2012 Exploit Author: Carlos Mario Penagos Hollmann Vendor Homepage: www.investintech.com Version:1.0 Tested on: Windows 7 CVE : cve-2011-4220 payload ="A"10000 crash="startxref" pdf=payload+crash filename = "slimpdPoC.pdf" file = openfilename,"w" file.writelinespdf...
Fedora Update for slim FEDORA-2010-13843
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for slim FEDORA-2010-13843
Check for the Version of slim OpenVAS Vulnerability Test Fedora Update for slim FEDORA-2010-13843 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
Fedora Update for slim FEDORA-2010-13890
Check for the Version of slim OpenVAS Vulnerability Test Fedora Update for slim FEDORA-2010-13890 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
Fedora Update for slim FEDORA-2010-13897
Check for the Version of slim OpenVAS Vulnerability Test Fedora Update for slim FEDORA-2010-13897 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
Fedora Update for slim FEDORA-2010-13897
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for slim FEDORA-2010-13890
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
[SECURITY] Fedora 14 Update: slim-1.3.2-2.fc14
SLiM Simple Login Manager is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which...
[SECURITY] Fedora 13 Update: slim-1.3.2-2.fc13
SLiM Simple Login Manager is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which...
[SECURITY] Fedora 12 Update: slim-1.3.2-2.fc12
SLiM Simple Login Manager is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which...
Fedora 12 : slim-1.3.2-2.fc12 (2010-13897)
updateslimwmlist RE fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
Fedora 14 : slim-1.3.2-2.fc14 (2010-13843)
updateslimwmlist RE fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
Fedora 13 : slim-1.3.2-2.fc13 (2010-13890)
updateslimwmlist RE fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
CVE-2010-2945
The default configuration of SLiM before 1.3.2 places ./ dot slash at the beginning of the defaultpath option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp...
DEBIAN-CVE-2010-2945
The default configuration of SLiM before 1.3.2 places ./ dot slash at the beginning of the defaultpath option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp...