1697 matches found
TYPO3-EXT-SA-2023-011: Configuration Injection in extension "Direct Mail" (direct_mail)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-011...
PHP object injection attack vulnerability in Slim.
https://github.com/slimphp/Slim/blob/master/Slim/Middleware/SessionCookie.php#L127 Generally, it's a bad idea to blindly unserialize user-controllable input. https://www.owasp.org/index.php/PHP_Object_Injection EDIT - for people who don't want to read the whole thread: The SessionCookie class is not...
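The point about blindly unserializing user-controllable input, as an added example that is not Slim's code: a session cookie read with unserialize() lets the client pick which class is instantiated, so every class on the autoload path with a __wakeup() or __destruct() side effect becomes reachable. The hardened variant authenticates the cookie with an HMAC before looking at it and decodes data-only JSON, which can never build an object. The LogFlusher class, the forged cookie and the secret are constructed for this example.

```php
<?php
// Added example, not Slim's code: unserialize() on a client-controlled
// cookie versus an HMAC-authenticated, data-only cookie.
declare(strict_types=1);

// Constructed stand-in for a "gadget": any class in the autoload path whose
// magic methods do something useful to an attacker. Here the side effect is
// just output; real gadget chains reach file writes or code execution.
final class LogFlusher
{
    public string $path = '/var/log/app.log';

    public function __wakeup(): void
    {
        // Runs inside unserialize(), before the application inspects the data.
        echo "LogFlusher::__wakeup ran with path {$this->path}\n";
    }
}

/** Vulnerable: whatever the client sent is unserialized as-is. */
function readSessionVulnerable(string $cookieValue): mixed
{
    return unserialize($cookieValue);
}

/** Hardened writer: JSON payload plus an HMAC over it, keyed with a server secret. */
function writeSession(array $data, string $secret): string
{
    $payload = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

/** Hardened reader: verify the MAC first, then decode to plain arrays only. */
function readSessionHardened(string $cookieValue, string $secret): ?array
{
    $parts = explode('.', $cookieValue, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $mac)) {
        return null;                           // forged or tampered cookie
    }
    $json = base64_decode($payload, true);
    $data = $json === false ? null : json_decode($json, true);
    return is_array($data) ? $data : null;     // json_decode(..., true) never builds objects
}

// Constructed forged cookie: a serialized LogFlusher with an attacker-chosen path.
$forged = 'O:10:"LogFlusher":1:{s:4:"path";s:14:"/tmp/pwned.txt";}';
$secret = 'constructed-server-secret';

readSessionVulnerable($forged);                     // __wakeup() fires during unserialize()
var_dump(readSessionHardened($forged, $secret));    // MAC check fails, nothing is decoded
var_dump(readSessionHardened(writeSession(['uid' => 7], $secret), $secret));
```

The hardened reader does the MAC comparison with hash_equals() before any decoding, so a forged cookie is rejected without ever reaching a deserializer; if a legacy format forces you to keep unserialize(), pass ['allowed_classes' => false] so the payload can only produce __PHP_Incomplete_Class stubs instead of live objects.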
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Description Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` being confused with cookies whose names decode to such a prefix, thus leading to ...
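The prefix confusion described above, as an added example that is not ReactPHP's code: the same Cookie header is parsed once with the names url-decoded and once with them kept as sent. The header value and the attacker scenario are constructed for this example.

```php
<?php
// Added example, not ReactPHP's code: a Cookie-header parser that decodes
// cookie names lets "%5F%5FHost-sid" masquerade as "__Host-sid".
declare(strict_types=1);

/** Splits "a=1; b=2" into pairs; $decodeNames controls the bug under discussion. */
function parseCookieHeader(string $header, bool $decodeNames): array
{
    $cookies = [];
    foreach (explode(';', $header) as $pair) {
        $pair = trim($pair);
        if ($pair === '' || !str_contains($pair, '=')) {
            continue;
        }
        [$name, $value] = explode('=', $pair, 2);
        // RFC 6265 cookie-name is a token; '%' in a name is a literal
        // character, not an escape, so the name must be kept as sent.
        $key = $decodeNames ? rawurldecode($name) : $name;
        $cookies[$key] = rawurldecode($value);
    }
    return $cookies;
}

// Constructed scenario: a browser only stores a real __Host-sid cookie when
// it is set with Secure, without Domain, with Path=/, by the host itself, so
// server code that sees the prefix tends to trust it. An attacker on a
// sibling subdomain (or over plain http) cannot set __Host-sid, but can set
// a cookie literally named "%5F%5FHost-sid".
$header = 'theme=dark; %5F%5FHost-sid=attacker-chosen';

$naive  = parseCookieHeader($header, true);
$strict = parseCookieHeader($header, false);

var_dump(isset($naive['__Host-sid']));    // decoded name collides with the trusted prefix
var_dump(isset($strict['__Host-sid']));   // no such cookie was actually sent
var_dump(array_keys($strict));            // the literal name is still visible, unprivileged
```

With names decoded the attacker's cookie is indistinguishable from a genuine __Host- cookie; with names kept verbatim it is just an odd-looking cookie called %5F%5FHost-sid, which is what the client really sent.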
Improper Input Validation in headers
Description Impact Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches The issue is patched in 1.6.1...
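The header-parsing point above, as an added example that is not ReactPHP's code: a header-block parser that accepts only CRLF line endings and refuses any CR or LF that survives inside a field name or value. The three request fragments are constructed for this example.

```php
<?php
// Added example, not ReactPHP's code: a header-block parser that insists on
// CRLF line endings and refuses any CR or LF inside a field name or value.
declare(strict_types=1);

/**
 * Parse the header block of a request (from the first header line up to the
 * CRLFCRLF terminator). Returns [lowercased-name => value] or throws.
 */
function parseHeaderBlock(string $raw): array
{
    $end = strpos($raw, "\r\n\r\n");
    if ($end === false) {
        // "\n\n" is not accepted as a terminator: a parser that tolerates it
        // and a peer that does not will disagree about where the body starts.
        throw new InvalidArgumentException('header block not terminated by CRLFCRLF');
    }
    $headers = [];
    foreach (explode("\r\n", substr($raw, 0, $end)) as $line) {
        // field-line = token ":" OWS field-value OWS. The value class excludes
        // CR and LF and the pattern is anchored with \z, so a bare LF left
        // over from the CRLF split cannot hide inside a value.
        if (!preg_match('/^([!#$%&\'*+\-.^_`|~0-9A-Za-z]+):[ \t]*([^\r\n]*?)[ \t]*\z/', $line, $m)) {
            throw new InvalidArgumentException('malformed header line ' . json_encode($line));
        }
        $headers[strtolower($m[1])] = $m[2];
    }
    return $headers;
}

/** Small driver: parse or report why the block was refused. */
function describeHeaderBlock(string $raw): string
{
    try {
        return 'accepted ' . json_encode(parseHeaderBlock($raw));
    } catch (InvalidArgumentException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Constructed samples.
$clean    = "Host: example.test\r\nX-Request-Id: 42\r\n\r\n";
$injected = "Host: example.test\r\nX-Request-Id: 42\nX-Admin: 1\r\n\r\n";  // LF smuggled inside a value
$bareLf   = "Host: example.test\nX-Request-Id: 42\n\n";                  // LF LF used as terminator

foreach ([$clean, $injected, $bareLf] as $raw) {
    echo describeHeaderBlock($raw), PHP_EOL;
}
```

The \z anchor matters: PCRE's $ matches before a trailing newline by default, so a pattern ending in $ would happily accept a value with a newline stuck to its end.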
Deserialization Gadget chain in Swift Mailer dependency
Summary Symfony 1 has a gadget chain due to a vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserializes user input in their project. Details This vulnerability presents no direct threat but is a vector that will enable remote code executio...
Test code in published microsoft-graph package exposes phpinfo()
More info at https://nvd.nist.gov/vuln/detail/CVE-2023-49282...
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2 (see CVE-2013-1967)
More info at https://contao.org/en/news/contao-3515.html...
PHP Code Injection
phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to...
XXE Vulnerability
This is: [X] a bug report; [ ] a feature request; [ ] not a usage question (ask them on https://stackoverflow.com/questions/tagged/phpspreadsheet or https://gitter.im/PHPOffice/PhpSpreadsheet). What is the expected behavior? The securityScan function is used to prevent XXE attacks. What is the current...
Parsoid comment fostering allows for inserting mostly arbitrary <meta> tags
More info at https://phabricator.wikimedia.org/T279451...
PHP remote file inclusion vulnerability in dompdf.php
This release is superseded by version 0.7.0 This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new docume...
HTTP Proxy header vulnerability
Bugfixes Mitigate HTTPoxy vulnerability 23...
Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...
Fixed potential path traversal attack and remote code injection
This is a security release. All users MUST upgrade to this release to prevent two potential security issues: path traversal attack remote code injection These two security issues have been reported by Andreas Forsblom. THANKS! Below is the original report Andreas sent me: Hi William, First, thank...
TOCTOU Race Condition enabling remote code execution
Impact The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions: - A user is allowed to supply the path or filename of an uploaded file. - The supplied...
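The ordering problem behind the race above, as an added example that is not Flysystem's code: an upload filter that checks the extension against a deny-list and only afterwards runs whitespace normalisation is bypassed by a Unicode space in the extension, because the name it checked is not the name it stores. The fix normalises first and then allow-lists the extension that will actually be written. The deny-list, allow-list and filename are constructed for this example; the normaliser is a simplified stand-in, not Flysystem's.

```php
<?php
// Added example, not Flysystem's code: "check, then normalise" versus
// "normalise, then check" for an uploaded filename.
declare(strict_types=1);

/** Simplified stand-in for a path normaliser that strips Unicode whitespace. */
function normaliseFilename(string $name): string
{
    // \s under /u plus the Zs category covers EM SPACE, IDEOGRAPHIC SPACE, etc.
    return preg_replace('/[\s\p{Zs}]+/u', '', $name);
}

const DENY_LIST  = ['php', 'phtml', 'phar'];
const ALLOW_LIST = ['png', 'jpg', 'pdf'];

/** Vulnerable: extension deny-list on the raw name, normalisation afterwards. */
function acceptUploadVulnerable(string $rawName): ?string
{
    $ext = strtolower(pathinfo($rawName, PATHINFO_EXTENSION));
    if (in_array($ext, DENY_LIST, true)) {
        return null;                        // rejected
    }
    return normaliseFilename($rawName);     // the name that is actually stored
}

/** Fixed: normalise first, then allow-list the extension of the stored name. */
function acceptUploadFixed(string $rawName): ?string
{
    $name = normaliseFilename($rawName);
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOW_LIST, true)) {
        return null;
    }
    return $name;
}

// Constructed filename: "shell.php" followed by U+2003 EM SPACE. pathinfo()
// reports the extension as the bytes after the last dot, i.e. "php" plus the
// space, which is not on the deny-list.
$evil = "shell.php\u{2003}";

var_dump(acceptUploadVulnerable($evil));    // stored as shell.php: the deny-list never saw that name
var_dump(acceptUploadFixed($evil));         // refused: "php" is not on the allow-list
var_dump(acceptUploadFixed("report.pdf\u{3000}"));   // a harmless name still normalises fine
```

The general rule the fix encodes: validate the exact value you are about to use, after every transformation, and prefer an allow-list so that an unexpected byte sequence fails closed instead of slipping past a list of known-bad strings.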
Arbitrary code execution via a crafted email address
More info at https://github.com/zetacomponents/Mail/issues/58...
Multiple CRLF injection vulnerabilities
This release contains an important security update. Security update Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack...
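The address-injection mechanism described above, as an added example that is not PHPMailer's code: one recipient string containing CRLF becomes several SMTP commands when interpolated into RCPT TO, and a gatekeeper that refuses any line break before the address reaches the wire. The attacker-supplied address is constructed for this example.

```php
<?php
// Added example, not PHPMailer's code: why an address containing CR or LF
// must be refused before it is interpolated into an SMTP command.
declare(strict_types=1);

/** Envelope command as a naive client would emit it. */
function rcptCommandUnchecked(string $address): string
{
    return "RCPT TO:<{$address}>\r\n";
}

/**
 * Gatekeeper: an address is only usable on the wire if it contains no line
 * break at all and passes a syntax check. RFC 5322 tolerates folding white
 * space inside an address, but RFC 5321 gives CRLF exactly one meaning, end
 * of command, so the two cannot both be honoured.
 */
function isWireSafeAddress(string $address): bool
{
    if (preg_match('/[\r\n]/', $address) === 1) {
        return false;
    }
    return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
}

function rcptCommandChecked(string $address): string
{
    if (!isWireSafeAddress($address)) {
        throw new InvalidArgumentException('address contains a line break or is malformed');
    }
    return rcptCommandUnchecked($address);
}

/** What the SMTP server sees: one command per CRLF-terminated line. */
function commandsSeenByServer(string $wire): array
{
    return array_values(array_filter(explode("\r\n", $wire), fn (string $l): bool => $l !== ''));
}

// Constructed attacker-supplied recipient: the embedded CRLFs turn a single
// RCPT TO into a second RCPT TO plus the start of a DATA phase.
$evil = "victim@example.test>\r\nRCPT TO:<attacker@example.test>\r\nDATA\r\nX: <x@example.test";

print_r(commandsSeenByServer(rcptCommandUnchecked($evil)));   // four commands from one address

try {
    rcptCommandChecked($evil);
} catch (InvalidArgumentException $e) {
    echo 'refused: ', $e->getMessage(), PHP_EOL;
}

print_r(commandsSeenByServer(rcptCommandChecked('victim@example.test')));
```

The CR/LF test is deliberately separate from the syntax check: it is the property the transport depends on, and it should not be left to whatever a general-purpose address validator happens to tolerate.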
RCE vulnerability in phpunit
More info at https://nvd.nist.gov/vuln/detail/CVE-2017-9841...
CVE-2021-41270: Prevent CSV Injection via formulas
More info at https://symfony.com/cve-2021-41270...
Remote Code Execution
$highlight = Pygmentize::highlight('<?php phpinfo();', ';uname -a #'); print_r($highlight); This will produce the following output: Darwin Micheals-MBP 16.1.0 Darwin Kernel Version 16.1.0: Thu Oct 13 21:26:57 PDT 2016; root:xnu-3789.21.360/RELEASE_X86_64 x86_64 The problem lines appear to be here:...
Potential XXE security issue
improved XXE fix CVE-2014-2053...
Code injection in the way Symfony implements translation caching in FrameworkBundle
More info at https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released...
Remote code execution
Hello, as discussed by email, this fixes a serious vulnerability. Hopefully my code is OK-ish...
symfony/ux-autocomplete Prevent injection of invalid entity ids for "autocomplete" fields
Impact Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. Affected applications are any that use: A custom querybuilder option to limit the valid results; AND An EntityType with 'autocomplete' => true or a custom...
CURLOPT_HTTPAUTH option not cleared on change of origin
Impact Authorization headers on requests are sensitive information. When using our Curl handler, it is possible to use the CURLOPT_HTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI with a different origin, if we choose to follow it, we...
CVE-2020-15094: Prevent RCE when calling untrusted remote with CachingHttpClient
More info at https://symfony.com/cve-2020-15094...
PRODSECBUG-2378: Stored cross-site scripting in the Return Product comments feature
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
1.31.0 tarball is missing .htaccess files
More info at https://phabricator.wikimedia.org/T199029...
Unsafe Reflection in base Component class
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject($value). However, ther...
Directory traversal vulnerability in the file manager
More info at https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html...
CVE-2022-24712: Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
Impact This vulnerability might allow remote attackers to bypass the CodeIgniter4 CSRF protection mechanism. Patches Upgrade to v4.1.9 or later. Workarounds These are workarounds for this vulnerability, but you will still need to code like this after upgrading to v4.1.9. Otherwise, the CSRF...
Critical - Arbitrary PHP code execution
More info at https://www.drupal.org/sa-core-2019-002...
TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-002...
PRODSECBUG-2351: Arbitrary code execution via crafted sitemap creation
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PHP file inclusion via insert tags
More info at https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html...
Change in port should be considered a change in origin
Impact Authorization and Cookie headers on requests are sensitive information. On making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers from the request before continuing. Previously, we...
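The two redirect advisories above (the CURLOPT_HTTPAUTH entry and this port one) share a single rule: compare scheme, host and port before deciding whether credential-bearing headers may follow a redirect. As an added example that is not Guzzle's code, here is that comparison next to a host-only comparison that lets a change of port through. The URLs and headers are constructed for this example.

```php
<?php
// Added example, not Guzzle's code: deciding whether a redirect target is a
// different origin, port included, and stripping credential-bearing headers
// before following it.
declare(strict_types=1);

const SENSITIVE_HEADERS = ['authorization', 'cookie'];

/** Scheme, host and port of an absolute URL, with the scheme's default port filled in. */
function originOf(string $url): array
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        throw new InvalidArgumentException("not an absolute URL: $url");
    }
    $scheme = strtolower($p['scheme']);
    $port   = $p['port'] ?? null;
    if ($port === null) {
        $port = $scheme === 'https' ? 443 : ($scheme === 'http' ? 80 : null);
    }
    return [$scheme, strtolower($p['host']), $port];
}

function sameOrigin(string $a, string $b): bool
{
    return originOf($a) === originOf($b);
}

function stripSensitive(array $headers): array
{
    return array_filter(
        $headers,
        fn (string $name): bool => !in_array(strtolower($name), SENSITIVE_HEADERS, true),
        ARRAY_FILTER_USE_KEY
    );
}

/** Buggy variant: only the host is compared, so a new scheme or port keeps the headers. */
function headersForRedirectHostOnly(array $headers, string $from, string $to): array
{
    $fromHost = strtolower((string) parse_url($from, PHP_URL_HOST));
    $toHost   = strtolower((string) parse_url($to, PHP_URL_HOST));
    return $fromHost === $toHost ? $headers : stripSensitive($headers);
}

/** Fixed variant: any origin change (scheme, host or port) drops them. */
function headersForRedirect(array $headers, string $from, string $to): array
{
    return sameOrigin($from, $to) ? $headers : stripSensitive($headers);
}

// Constructed redirect: same host, different port, e.g. a listener the
// attacker controls behind a shared hostname.
$headers = ['Authorization' => 'Bearer s3cr3t', 'Cookie' => 'sid=abc', 'Accept' => 'application/json'];
$from = 'https://api.example.test/v1/login';
$to   = 'https://api.example.test:8443/capture';

print_r(array_keys(headersForRedirectHostOnly($headers, $from, $to)));  // Authorization and Cookie still present
print_r(array_keys(headersForRedirect($headers, $from, $to)));          // only Accept survives

// Default ports are normalised, so an explicit :443 is not treated as a change.
var_dump(sameOrigin('https://api.example.test/', 'https://api.example.test:443/x'));
```

Filling in the default port before comparing is what keeps the fixed version from over-stripping on https://host/ to https://host:443/ while still catching https://host/ to https://host:8443/.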
Unexpected bindings in QueryBuilder
More info at https://blog.laravel.com/security-laravel-62011-7302-8221-released and https://blog.laravel.com/security-laravel-62012-7303-released...
Cross-site scripting (XSS) vulnerability in the system log of the back end
More info at https://contao.org/en/news/contao-4418.html...
Insert tag injection in front end forms
More info at https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html...
CVE-2023-46735: Potential XSS in WebhookController
More info at https://symfony.com/cve-2023-46735...
TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-011...
CVE-2021-32693: Authentication granted to all firewalls instead of just one
More info at https://symfony.com/cve-2021-32693...
Insert tag injection in the login module
More info at https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html...
PRODSECBUG-2353: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...