22 matches found
EUVD-2009-3528
Malware in sbrugna...
EUVD-2015-5175
Malware in sbrugna...
CVE-2023-29868
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions...
strongSwan 5.3.x < 5.9.12 RCE Vulnerability
strongSwan is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2023-22456 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad versions 5.3.x through 5.3.x Description: The issue allows an authenticated attacker with agent and customer roles to perform unauthorized changes on articles where they only have customer permissions, due to incorrect access control...
SUSE CVE-2009-3294
The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related t...
VMware Spring Framework < 5.2.21, 5.3.x < 5.3.19 Data Binding Rules Vulnerability
The VMware Spring Framework is prone to a data binding rules vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1683, CVE-2018-8039)
Summary WebSphere Application Server is vulnerable to possible man-in-the-middle attacks. This is caused by the failure to encrypt ORB communication or by an Apache CXF vulnerability. Vulnerability Details CVEID: CVE-2018-1683 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a...
Code injection
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an...
Puppet Enterprise 2017.x < 2017.3.6 Cross-site Scripting Vulnerability
According to its self-reported version number, the Puppet install running on the remote host is version 4.x prior to 2016.2.1, 5.3.x prior to 2017.3.7, or 5.5.x prior to 2018.1.1. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied...
Phusion Passenger SpawningKit Information Disclosure Vulnerability
Phusion Passenger is an Apache module from the Dutch company Phusion for deploying Ruby on Rails projects on Apache and Nginx web servers. SpawningKit is one of the components. A security vulnerability exists in SpawningKit in version 5.3.x of Phusion Passenger prior to 5.3.2. An attacker could...
Apache Traffic Server 5.3.x < 5.3.1 'url_sig' Plugin Multiple Vulnerabilities
According to its banner, the version of Apache Traffic Server running on the remote host is 5.3.x prior to 5.3.1. It is, therefore, affected by multiple vulnerabilities related to the 'url_sig' plugin: - An out-of-bounds access error exists that is triggered when handling a specially crafted HTTP...
PHP 5.3.x < 5.3.23 Multiple Vulnerabilities
According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.23. It is, therefore, potentially affected by multiple vulnerabilities: - An error exists in the file 'ext/soap/soap.c' related to the 'soap.wsdl_cache_dir' configuration directive and writing cache files...
PHP 5.3.x < 5.3.13 CGI Query String Code Execution
According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.13 and, as such, is potentially affected by a remote code execution and information disclosure vulnerability. The fix for CVE-2012-1823 does not completely correct the CGI query vulnerability...
PHP 5.2.x < 5.2.17 / 5.3.x < 5.3.5 String To Double Conversion DoS
PHP 5.3.x < 5.3.4 Multiple Vulnerabilities
EUVD-2010-4132
The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter)...
PHP 5.2.11, 5.3.x < 5.3.1 Multiple Vulnerabilities (Dec 2009)
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if(description)...
PHP 5.3.x < 5.3.1 Multiple Vulnerabilities
PHP 5.3.x < 5.3.1 Multiple Vulnerabilities