1702 matches found
phpseclib a large prime can cause a denial of service
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2528-jw5q-ww88. This link is maintained to preserve external references. Original Description An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can...
Observable Response Discrepancy on Admin Login
Description Impact It allows over the Admin Login form to detect which user username, email exists and which one do not exist. Impacted by this issue are Sulu installation = 2.5.0 and getMessage; instead the $exception-getMessageKey; References Currently no references...
Directory traversal vulnerability in the file manager
More info at https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html...
TYPO3-CORE-SA-2022-004: Cross-Site Scripting in Frontend Login Mailer
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-004...
Inproper parsing of HTTP headers
Impact Improper header parsing. An attacker could sneak in a carriage return character \r and pass untrusted values in both the header names and values. Patches The issue is patched in 1.8.4 and 2.1.1. Workarounds There are no known workarounds. References...
CVE-2021-41268: Remember me cookie persistance after password changes
More info at https://symfony.com/cve-2021-41268...
CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request
More info at https://symfony.com/cve-2021-41267...
Improper escaping of command arguments on Windows leading to command injection
Impact Windows users running Composer to install untrusted dependencies are affected and should definitely upgrade for safety. Other OSs and WSL are not affected. Patches 1.10.23 and 2.1.9 fix the issue Workarounds None...
Read private customer data reclaiming carts
Klaviyo read customer quotes for guest carts April 28th I've found a endpoint in a thirth party module Klaviyo Magento 2 which allows to read private customer data from stores. It works by reclaiming any guest-cart as your own and reading the private data for the orders in the Magento API. Data...
CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms
More info at https://symfony.com/cve-2021-21424...
Smarty_Internal_Runtime_TplFunction Sandbox Escape PHP Code Injection
More info at https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html...
Non-jqueryMsg version of mw.message(…).parse() doesn't escape HTML
More info at https://phabricator.wikimedia.org/T115888...
Special:UserRights exposes the existence of hidden users
More info at https://phabricator.wikimedia.org/T232568...
TYPO3-CORE-SA-2020-007: Potential Privilege Escalation
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-007...
Sensitive Information Disclosure in extension "Media Content Element" (mediace)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2020-014...
TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-001...
TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-001...
CVE-2020-5275: All rules set in "access_control" are required when the firewall is configured with the unanimous strategy
More info at https://symfony.com/cve-2020-5275...
SQL injection with processing username
More info at https://www.phpmyadmin.net/security/PMASA-2020-2/...
Relative Path Traversal (CWE-23) in chunked uploads
Description Impact The vulnerability was identified in the web service for a chunked file upload. While the names of the POST parameters vary with the used frontend, their values are always used in the same way to build a path where the chunks are stored and assembled temporarily. By not validati...
SQL injection relating to searching
More info at https://www.phpmyadmin.net/security/PMASA-2020-3/...
SQL injection in user accounts page
More info at https://www.phpmyadmin.net/security/PMASA-2020-1/...
SQL Injection in low-level Query Generator
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-025...
PRODSECBUG-2419: Bypass of sitemp access restrictions
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2425: Cross-Site Scripting via Signifyd Guarantee Option Translation Override
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
CVE-2019-12245: Incorrect access control vulnerability in files uploaded to protected folders
More info at https://www.silverstripe.org/download/security-releases/cve-2019-12245/...
Insecure Deserialization in TYPO3 CMS
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-020...
PRODSECBUG-2364: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
Cross-Site Scripting in CKEditor
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-005...
CVE-2018-19790: Open Redirect Vulnerability on login
More info at https://symfony.com/cve-2018-19790...
Loading JS from user space where the username is not a registered account is dangerous and should be banned
More info at https://phabricator.wikimedia.org/T207603...
jQuery vulnerability with untrusted domains.
More info at https://www.drupal.org/SA-CORE-2018-001...
CVE-2017-16790: Ensure that submitted data are uploaded files
More info at https://symfony.com/cve-2017-16790...
SQL injection vulnerabililty in the front end listing module
More info at https://contao.org/en/news/contao-448.html...
SQL injection vulnerabililty in the back end search filter
More info at https://contao.org/en/news/contao-448.html...
Unauthenticated encryption in CBC mode
More info at https://simplesamlphp.org/security/201704-01...
Multiple timing side-channel issues
More info at https://simplesamlphp.org/security/201703-01...
Full config export can be downloaded without administrative permissions
More info at https://www.drupal.org/SA-CORE-2016-004...
HTTP Proxy header vulnerability
Bug Fixes - Removed support for using HTTPPROXY environment variable for non-CLI apps per CVE-2016-5385 httpoxy. Graham Campbell 143 145 - Convert BUGSNAGNOTIFYRELEASESTAGES to a comma-delimited array Jason Graham Campbell 142 144...
Form API ignores access restrictions on submit buttons
More info at https://www.drupal.org/SA-CORE-2016-001...
Remote code execution in templates
More info at https://symfony.com/blog/security-release-twig-1-20-0...
class yii\web\ViewAction allowed to include arbitrary files that end with .php
More info at https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/...
CVE-2015-4050: ESI unauthorized access
More info at https://symfony.com/cve-2015-4050...
Denial of service with a malicious HTTP Host header
More info at https://symfony.com/cve-2014-5244...
The CDetailView widget allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property
More info at https://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/...
Request::getHost() poisoning
More info at https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released...
Deserialization Gadget chain in Swift Mailer
Summary Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserialize user input in his project. Details This vulnerability present no direct threat but is a vector that will enable remote code executio...
CVE-2019-10910: Check service IDs are valid
More info at https://symfony.com/cve-2019-10910...
CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser
More info at https://symfony.com/cve-2019-18888...
CVE-2019-10909: Escape validation messages in the PHP templating engine
More info at https://symfony.com/cve-2019-10909...