2183 matches found
CVE-2018-17057
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...
CVE-2018-17057
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...
UBUNTU-CVE-2018-17057
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...
CVE-2018-17057
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...
DEBIAN-CVE-2018-17057
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...
CVE-2018-17057
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...
CVE-2018-17057
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...
CVE-2018-17057
The CVE-2018-17057 issue affects TCPDF prior to 6.2.22, allowing attackers to trigger deserialization of arbitrary data through the phar:// wrapper. Documented impact includes remote code execution risk when processing manipulated inputs, with notable exposure via LimeSurvey relying on the TCPDF ...
Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...
PT-2018-13869 · Tcpdf · Tcpdf
Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.2.22 Description: An issue allows attackers to trigger deserialization of arbitrary data via the phar:// wrapper. Recommendations: For versions prior to 6.2.22, update to version 6.2.22 or later to resolve the issue...
@bndynet/bbootstrap (>=1.0.2 <=2.2.1), @bndynet/jslib (>=1.0.52 <=2.0.0) +8 more potentially affected by CVE-2018-16330 via editor.md (=1.5.0)
editor.md NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on editor.md and may be impacted: - @bndynet/bbootstrap =1.0.2, =1.0.52, =2.3.6, =1.0.0, =0.2.0, =0.1.1, =0.1.0, =1.0.0, =1.0.3 Source cves: CVE-2018-16330 Source advisory:...
@atlauncher/atlauncher-scripts (>=0.1.0-18 <=0.1.0-19), @atomist/sample-sdm (>=0.5.1-atomist-update-latest-1540938130032.20181101043939 <=0.5.1-master.20181101044648) +415 more potentially affected by CVE-2018-16487 +1 more via lodash.merge (>=4.0.1 <=4.6.1)
lodash.merge NPM version =4.0.1, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =5.3.8, =3.1.0, =5.0.0, =5.2.7, =5.2.8, =6.1.1, =5.0.0, =5.0.0, =5.2.8, =5.1.1, =0.1.3, =6.2.6, =6.3.3 and more Source cves: CVE-2018-16487, CVE-2018-3721 Source advisory:...
Autocrack - Hashcat Wrapper To Help Automate The Cracking Process
This python script is a Hashcat https://hashcat.net wrapper to help automate the cracking process. The script includes multiple functions to select a set of wordlists and rules, as well as the ability to run a bruteforce attack, with custom masks, before the wordlist/rule attacks. Autocrack uses...
CVE-2018-12562
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...
mystem-wrapper Remote Code Execution Vulnerability
mystem-wrapper is a package for installing the Yandex mystem application. A security vulnerability exists in mystem-wrapper that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the...
rs-brightcove remote code execution vulnerability
rs-brightcove is a set of wrapper tools for the brightcove web API. A security vulnerability exists in rs-brightcove, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response an...
CVE-2017-7831
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...
CVE-2017-7831
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...
CVE-2017-7820
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects...
CVE-2017-7820
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects...