20 matches found
fast-xml-parser 5.3.5 Denial of Service
A denial of service vulnerability was identified in fast-xml-parser affecting versions 4.1.3 through 5.3.5. The issue arises from improper handling of XML Document Type Definitions (DTD), specifically when processing internal entity expansion. An attacker can supply a crafted XML payload containing...
EUVD-2018-9056
Malware in sbrugna...
WordPress plugin AutomatorWP code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WooCommerce Multilingual & Multicurrency versions = 5.3.6...
PT-2024-31793 · Vite · Vite
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 3.2.11 Vite versions prior to 4.5.5 Vite versions prior to 5.2.14 Vite versions prior to 5.3.6 Vite versions prior to 5.4.6 Description: A DOM Clobbering vulnerability was discovered in Vite when building scripts to...
Security Bulletin: Netty vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-16869)
Summary Netty HTTP request smuggling vulnerability affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVEID:CVE-2019-16869 DESCRIPTION: Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding :...
Security update for lua53 (moderate)
openSUSE Security Update: Security update for lua53 Announcement ID: openSUSE-SU-2021:2196-1 Rating: moderate References: 1175448 1175449 Cross-References: CVE-2020-24370 CVE-2020-24371 CVSS scores: CVE-2020-24370 NVD : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-24370 SUSE: 4...
Security update for lua53 (moderate)
openSUSE Security Update: Security update for lua53 Announcement ID: openSUSE-SU-2021:0962-1 Rating: moderate References: 1175448 1175449 Cross-References: CVE-2020-24370 CVE-2020-24371 CVSS scores: CVE-2020-24370 NVD : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-24370 SUSE: 4...
[SECURITY] Fedora 30 Update: kernel-5.3.6-200.fc30
The kernel meta package...
CactusVPN system() elevation of privilege vulnerability
CactusVPN for macOS is a macOS-based VPN software from CactusVPN Moldova for anonymous access to the Internet. An elevation of privilege vulnerability exists in version 5.3.6 of CactusVPN for macOS-based platforms. An attacker can exploit the vulnerability to execute commands with root privileges...
AlienVault OSSIM/USM < 5.3.6 RCE Vulnerability - Active Check
AlienVault OSSIM and USM are prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
PHP phar extension 1.1.1 Heap Overflow
No description provided by source. from: http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html version PHP: 5.3.6 version phar ext.: 1.1.1 site: http://php.net/ source code: http://windows.php.net/downloads/releases/php-5.3.6-src.zip An integer overflow vulnerability leading t...
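WHMCS Multiple Unspecified Security Vulnerabilities
Bugtraq ID: 66498 WHMCS is a client management, billing and support software suite developed for hosting businesses and other online transactions. WHMCS has unspecified security vulnerabilities; no detailed vulnerability information is currently available. 0 WHMCS 5.x WHMCS 5.2.17 or 5.3.6 fixes this vulnerability; users are advised to download the update: http://www.whmcs.com...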
PHP phar Extension 1.1.1 - Heap Overflow
PHP phar Extension 1.1.1 - Heap Overflow from: http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html version PHP: 5.3.6 version phar ext.: 1.1.1 site: http://php.net/ source code: http://windows.php.net/downloads/releases/php-5.3.6-src.zip An integer overflow vulnerability...
PHP 'phar' Extension 1.1.1 - Heap Overflow
from: http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html version PHP: 5.3.6 version phar ext.: 1.1.1 site: http://php.net/ source code: http://windows.php.net/downloads/releases/php-5.3.6-src.zip An integer overflow vulnerability leading to a heap overflow in the file...
CVE-2011-0421
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a...
PHP <= 5.3.6 shmop_read() Integer Overflow DoS
Exploit for linux platform in category dos / poc 0day.today 2018-02-02...
PHP 5.3.x Intl Extension - NumberFormatter::setSymbol() Denial of Service
PHP 5.3.x Intl Extension - NumberFormatter::setSymbol Denial of Service source: https://www.securityfocus.com/bid/46968/info PHP is prone to a remote denial-of-service vulnerability that affects the 'Intl' extension. Successful attacks will cause the application to crash, creating a...
PHP < 5.3.6 'Zip' Extension - 'zip_fread()' Denial of Service
source: https://www.securityfocus.com/bid/46975/info PHP is prone to a remote denial-of-service vulnerability that affects the 'Zip' extension. Successful attacks will cause the application to crash, creating a denial-of-service condition. Due to the nature of this issue, arbitrary code-execution...
TalentSoft Web+Shop Path Disclosure
TalentSoft Web+Shop Path Disclosure Software: Web+Shop Version: 5.3.6 Website: http://www.webplus.com Bug: path disclosure Exploitation: Remote Description: Web+Shop is a user-friendly e-commerce shopping cart application for the web. Vulnerability: Web+Shop installation path can be disclosed by...