[20190206] - Core - Implement the TYPO3 PHAR stream wrapper

The phar:// stream wrapper can be used for objection injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the CMS globally by implementing the TYPO3 PHAR stream wrapper...

DRUPAL-CORE-2019-002

A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing file operations on insufficiently validated user input, thereby being exposed to this...

drupal -- Drupal core - Arbitrary PHP code execution

Drupal Security Team reports: A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing file operations on insufficiently validated user input, thereb...

Same Origin Policy Bypass

xulrunner is vulnerable to same origin policy bypass attacks. It omits a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary...

PT-2019-5774 · Debian · Sympa

Name of the Vulnerable Software and Affected Versions: Debian Sympa package versions prior to 6.2.40dfsg-7 Description: The issue is related to the debian/sympa.postinst component of the Sympa package, which sets incorrect permissions for the sympa newaliases-wrapper. This could allow a remote...

Chat Anywhere extension for Chrome cross-site scripting vulnerability

Chat Anywhere extension for Chrome is an online chat plugin for use in Google Chrome. A cross-site scripting vulnerability exists in the Chat Anywhere extension for Chrome version 2.4.0, which stems from the danmuWrapper DIV element in the chatbox-only\danmu.js file being out of the scope of the...

CVE-2018-20524

The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy CSP...

RHEL 6 : activemq (RHSA-2014:0254)

An updated activemq package that fixes multiple security issues is now available for Red Hat OpenShift Enterprise 1.2.7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

CVE-2018-17187

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...

Default configuration

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...

DEBIAN-CVE-2018-17187

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...

CVE-2018-17187

CVE-2018-17187 affects the Apache Qpid Proton-J TLS wrapper. Versions 0.3–0.29.0 lacked hostname verification support, leaving clients that rely on the wrapper with only trusted-certificate verification and exposing them to MITM attacks. The mitigation is to upgrade Proton-J to 0.30.0+ and enable...

JEESNS Cross-Site Scripting Vulnerability

JEESNS is an enterprise-level open source social management system building platform based on Java and MySQL, which includes microblogging module, group module and article module. JEESNS 1.3 version of the com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java file cross-site scripting...

libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service use-after-free with write access or possibly have unspecified other impact via a crafted...

USN-3802-1 xorg-server, xorg-server-hwe-16.04 vulnerability

Narendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges...

GHSA-MH7G-99W9-XPJM Remote code execution occurs in Apache Solr

Remote code execution occurs in Apache Solr before versions 5.5.5, 6.6.2 and 7.1.0 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

CVE-2018-17886

An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429...

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment I'm afraid this change is wrong. fileexists is not the only...

Arbitrary Data Deserialization

tecnickcom/tcpdf is vulnerable to arbitrary data deserialization attack. The attack is possible because it allows the user to input arbitrary data to deserialize using via the phar:// wrapper...