122 matches found
GHSA-5M3W-RVVH-8FX6 Joomla! Object Injection Vulnerability
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism such as the TYPO3 PHAR stream wrapper to prevent use of the phar:// handler for non .phar-files...
Joomla! Object Injection Vulnerability
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism such as the TYPO3 PHAR stream wrapper to prevent use of the phar:// handler for non .phar-files...
DRUPAL-CONTRIB-2022-019
This module provides a stream wrapper for files located in the vendor directory. Even when the vendor directory is moved outside the webroot, it allows providing publically accessible URLs to these files. The module exposes all files that are in the vendor directory, without a site owner's...
Remote Stream Wrapper - Critical - Unsupported - SA-CONTRIB-2022-020
Update 2022-05-04: Existing maintainers have updated the project to clarify that the module did not contain a security issue that caused the module to be unsupported. The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by...
Vendor Stream Wrapper - Moderately critical - Unsupported - SA-CONTRIB-2022-019
This module provides a stream wrapper for files located in the vendor directory. Even when the vendor directory is moved outside the webroot, it allows providing publically accessible URLs to these files. The module exposes all files that are in the vendor directory, without a site owner's...
CVE-2021-36766
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/singlepage/dashboard/system/environment/logging.php Logging::updatelogging method. User input passed through the logFile request parameter is not properly sanitized before being used in a ca...
Multiple vulnerabilities through filename manipulation in Archive_Tar
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed. See: https://github.com/pear/ArchiveTar/issues/33...
CVE-2020-28949
A flaw was found in the ArchiveTar package. PEAR ArchiveTar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive...
Drupal 7.x < 7.75 / 8.x < 8.8.12 / 8.9.x < 8.9.10 / 9.0.x < 9.0.9 Multiple Vulnerabilities (SA-CORE-2020-013)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.75, 8.x prior to 8.8.12, 8.9.x prior to 8.9.10, or 9.0.x prior to 9.0.9. It is, therefore, affected by multiple vulnerabilities: - ArchiveTar through 1.4.10 allows an unserialization...
CVE-2020-28949
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...
Code injection
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...
UBUNTU-CVE-2020-28949
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...
CVE-2020-28949
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...
CVE-2020-28949
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...
CVE-2020-28949
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...
CVE-2020-28949
CVE-2020-28949 affects PEAR Archive_Tar (v1.4.10 and earlier). The issue is that Archive_Tar’s filename sanitization only addressed phar attacks; other stream-wrapper attacks (e.g., file://) can overwrite files, enabling potential arbitrary file writes. Affected ecosystem includes PHP-pear compon...
CVE-2020-28949
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed. Recent assessments: gwillcox-r7 at January 15, 2021 8:42pm UTC reported: Original advisory and PoC can be found at...
Design/Logic Flaw
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources aka SSRF or leak files from the local system using the...
Joomla! 1.7.x < 3.9.6 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A protection bypass exists in versions 3.9.3 to 3.9.5 within the Phar Stream Wrapper Interceptor due to path traversal - A cross-site scripting XSS vulnerability exists in...
Drupal 7.x < 7.67 Third-Party Libraries Vulnerability
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.67, 8.6.x prior to 8.6.16, or 8.7.x prior to 8.7.1. It is, therefore, affected by a path traversal vulnerability. This security release fixes third-party dependencies included in or...