7 matches found
EUVD-2017-0312
Malware in sbrugna...
UBUNTU-CVE-2024-51754
Twig is a template language for PHP. In a sandbox, an attacker can call __toString() on an object even if the __toString() method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter, for instance). This issue has been patched in...
CVE-2019-16676
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call...
CVE-2019-11772
CVE-2019-11772 affects OpenJ9 (prior to 0.15). The vulnerability is an out-of-bounds write in String.getBytes invoked by JIT, allowing a local attacker to write memory at arbitrary 32-bit addresses or beyond the end of a byte array when Java runs under a SecurityManager. IBM/IBM X-Force entries t...
rails Cross-site Scripting vulnerability
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a...
PHP '__toString()' Function Type Obfuscation Information Disclosure Vulnerability
PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. PHP suffers from a type confusion vulnerability in the '__toString()' function. An attacker can exploit this vulnerability to obtain vulnerability information...
CVE-2011-2197
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a...