Lucene search
K

167 matches found

Typo3
Typo3
added 2016/07/19 12:0 a.m.637 views

Environment Variable Injection

It has been discovered, that PHP exposes the risk of Environment Variable Injection and TYPO3 is vulnerable through third party library guzzlehttp/guzzle Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerability Type: Environment Variable Injection Affected Versions: Versions 8.0.0 to...

5.1CVSS0.6AI score0.50427EPSS
Exploits0Affected Software1
OSV
OSV
added 2015/12/21 7:6 p.m.6 views

SUSE-SU-2015:2337-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes the following issues: - CVE-2015-7519: rubygem-passenger was not filtering the environment like apache is doing, allowing injection of environment variables bsc956281...

4.3CVSS4.4AI score0.02364EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/10/06 12:0 a.m.59 views

GLSA-201409-09 : Bash: Code Injection (Shellshock)

The remote host is affected by the vulnerability described in GLSA-201409-09 Bash: Code Injection Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code. Impact : A remote attacker could exploit this vulnerability to execute...

10CVSS8.9AI score0.99999EPSS
Exploits131References2
RedHat Linux
RedHat Linux
added 2014/10/02 6:40 p.m.5 views

bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell...

10CVSS7.4AI score0.99999EPSS
Exploits140References6
OSV
OSV
added 2014/09/28 12:17 p.m.14 views

MGASA-2014-0393 Updated bash packages fix CVE-2014-7169

Updated bash packages fix security vulnerability: It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or...

10CVSS10AI score0.9994EPSS
Exploits17References3
Mageia
Mageia
added 2014/09/28 12:17 p.m.72 views

Updated bash packages fix CVE-2014-7169

Updated bash packages fix security vulnerability: It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or...

10CVSS9.9AI score0.9994EPSS
Exploits17References2
RedHat Linux
RedHat Linux
added 2014/09/26 1:46 a.m.6 views

bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell...

10CVSS7.4AI score0.99999EPSS
Exploits140References6
Saint
Saint
added 2014/09/26 12:0 a.m.195 views

Bash environment variable code injection over HTTP

Added: 09/26/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Problem The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a...

10CVSS10AI score0.99999EPSS
Exploits131
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

Easypx41 Multiple Variable Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14421/info Easypx41 is prone to multiple variable injection vulnerabilities. An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged information...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/05 12:0 a.m.39 views

Caldera 'cdir' Parameter Absolute Path Directory Traversal

The Caldera installation on the remote host contains a PHP script that is affected by a directory traversal vulnerability. A remote, unauthenticated attacker can exploit this issue by sending a crafted request to the '/dirmng/index.php' script, allowing access to arbitrary directories on the remo...

5CVSS6AI score0.03002EPSS
Exploits0References1
NVD
NVD
added 2014/05/08 10:55 a.m.16 views

CVE-2014-2936

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via 1 the maindirhotfolder parameter to dirmng/index.php, or an unspecified parameter to 2 PPD/index.php, 3 dirmng/docmd.php, or 4 dirmng/param.php...

7.5CVSS6.7AI score0.01611EPSS
Exploits1References2
Prion
Prion
added 2014/05/08 10:55 a.m.12 views

Sql injection

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via 1 the maindirhotfolder parameter to dirmng/index.php, or an unspecified parameter to 2 PPD/index.php, 3 dirmng/docmd.php, or 4 dirmng/param.php...

7.5CVSS7.2AI score0.01611EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2014/05/08 10:0 a.m.43 views

CVE-2014-2936

The CVE-2014-2936 entry concerns Caldera 9.20’s directory manager. The vulnerability stems from dynamic/global variable scope handling in multiple scripts (dirmng/index.php, PPD/index.php, dirmng/docmd.php, dirmng/param.php, via maindir_hotfolder or an unspecified parameter), enabling variable-in...

7.5CVSS6.9AI score0.01611EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2014/05/08 10:0 a.m.20 views

CVE-2014-2936

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via 1 the maindirhotfolder parameter to dirmng/index.php, or an unspecified parameter to 2 PPD/index.php, 3 dirmng/docmd.php, or 4 dirmng/param.php...

6.7AI score0.01611EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2013/07/10 12:0 a.m.23 views

phpMyAdmin 4.x < 4.0.4.1 import.php GLOBALS Variable Injection Configuration Parameter Manipulation (PMASA-2013-7)

According to its self-identified version number, the phpMyAdmin 4.x install hosted on the remote web server is earlier than 4.0.4.1 and, therefore, contains a flaw where the 'import.php' script does not properly sanitize input. This could allow attackers to inject arbitrary GLOBALS variables and...

5.5CVSS8.4AI score0.01055EPSS
Exploits2References2
phpMyAdmin
phpMyAdmin
added 2013/06/30 12:0 a.m.30 views

Global variable scope injection.

PMASA-2013-7 Announcement-ID: PMASA-2013-7 Date: 2013-06-30 Updated: 2013-07-01 Summary Global variable scope injection. Description The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. Severity We consider this...

5.5CVSS7.2AI score0.01055EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/01/11 12:0 a.m.64 views

PHP 5.x < 5.2.2 Multiple vulnerabilities

According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2.2. It is, therefore, affected by multiple vulnerabilities: - A heap-based buffer overflow vulnerability was found in PHP's gd extension. A script that could be forced to process WBMP images from an...

7.8CVSS6.5AI score0.08321EPSS
Exploits4References6
Cvelist
Cvelist
added 2011/10/21 10:0 a.m.26 views

CVE-2009-5103

Cross-site scripting XSS vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable...

5.7AI score0.02557EPSS
Exploits1References1
OSV
OSV
added 2010/08/06 12:0 a.m.34 views

DSA-2089-1 php5 - several vulnerabilities

Bulletin has no description...

7.5CVSS9.6AI score0.05342EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2010/08/04 12:0 a.m.189 views

PHP 5.2 < 5.2.14 Multiple Vulnerabilities

According to its banner, the version of PHP 5.2 installed on the remote host is older than 5.2.14. Such versions may be affected by several security issues : - An error exists when processing invalid XML-RPC requests that can lead to a NULL pointer dereference. bug 51288 CVE-2010-0397 - An error...

9.3CVSS8.9AI score0.11528EPSS
Exploits19References16
Rows per page
Query Builder