8 matches found
Authentication flaw
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication...
CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
Design/Logic Flaw
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742 libgit2 fails to verify SSH keys by default
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2022-38537
Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the startfile, endfile, starttime, and stoptime parameters in the binlog2sql interface...
CVE-2018-12042
Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter...
CVE-2018-12042
Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter...
CVE-2018-12042
Roxy Fileman 1.4.5 and earlier is vulnerable to a directory traversal flaw in the php/download.php f parameter, allowing access to arbitrary files. The issue is due to improper handling of the f parameter in file download functionality, enabling potential exposure of sensitive server files. Impac...