TYPO3-CORE-SA-2021-011: Cross-Site Scripting in Backend Grid View
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-011...
CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms
More info at https://symfony.com/cve-2021-21424...
$this->validate() returns all properties, not just validated ones
IMPORTANT BUGFIX $this->validate() usually only returns the validated dataset; however, a regression was introduced that caused it to return ALL data on the Livewire component. 1659...
CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header
More info at https://symfony.com/cve-2020-5255...
makeCollapsible allows applying event handler to any CSS selector
More info at https://phabricator.wikimedia.org/T246602...
PRODSECBUG-2465: Bypass of user confirmation mechanism
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
CVE-2019-14272: XSS in file titles managed through the CMS
More info at https://www.silverstripe.org/download/security-releases/cve-2019-14272/...
CVE-2019-14273: Broken Access control on files
More info at https://www.silverstripe.org/download/security-releases/cve-2019-14273/...
PRODSECBUG-2232: Arbitrary code execution via layout manipulation
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2353: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2363: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2349: Arbitrary code execution via file upload in admin import feature
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2300: Information about disabled products can be leaked due to inadequate validation checks
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2371: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2320: Arbitrary code execution due to unsafe handling of system configuration
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2369: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2317: Stored cross-site scripting in admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2320: Arbitrary code execution due to unsafe handling of system configuration
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
CVE-2019-12437: Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL
More info at https://www.silverstripe.org/download/security-releases/cve-2019-12437...
CVE-2019-12246: Denial of Service on flush and development URL tools
More info at https://www.silverstripe.org/download/security-releases/cve-2019-12246...
CVE-2019-1000011: Access control bypass in GraphQL mutations
Q A Bug fix? yes New feature? no BC breaks? no Deprecations? no Tests pass? yes Fixed tickets 2364 License MIT Doc PR This prevents passing IRIs belonging to different resource classes, which would bypass access control in some instances see 2364...
Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...
Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...
When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information
More info at https://phabricator.wikimedia.org/T187638...
CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password
More info at https://symfony.com/cve-2018-11407...
Settings Tray access bypass.
More info at https://www.drupal.org/SA-CORE-2018-001...
Use of insecure connection charset (sqlauth module)
More info at https://simplesamlphp.org/security/201801-03...
The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity
More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...
Views does not properly restrict access to the Ajax endpoint.
More info at https://www.drupal.org/SA-CORE-2017-004...
Files uploaded by anonymous users into a private file system can be accessed by other anonymous users
More info at https://www.drupal.org/SA-CORE-2017-003...
Editor module incorrectly checks access to inline private files
More info at https://www.drupal.org/SA-2017-001...
An error during signature verification can be treated as a successful verification.
…nse. In order to verify Signatures on LogoutRequests and LogoutResponses we use the verifySignature of the class XMLSecurityKey from the xmlseclibs library. That method ends up calling openssl_verify depending on the signature algorithm used. The openssl_verify function returns 1 when the signature...
Denial of service via transliterate mechanism
More info at https://www.drupal.org/SA-CORE-2016-005...
Inconsistent name for term access query
More info at https://www.drupal.org/SA-CORE-2016-005...
Incorrect cache context on password reset page
More info at https://www.drupal.org/SA-CORE-2016-005...
Cross-site Scripting in http exceptions
More info at https://www.drupal.org/SA-CORE-2016-004...
Saving user accounts can sometimes grant the user all roles
More info at https://www.drupal.org/SA-CORE-2016-001...
Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word
More info at https://framework.zend.com/security/advisory/ZF2015-09...
JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks
More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...
Potential CRLF injection attacks in mail and HTTP headers
More info at https://framework.zend.com/security/advisory/ZF2015-04...
Invalid CSRF validation of null or incorrectly formatted token identifiers
More info at https://framework.zend.com/security/advisory/ZF2015-03...
XSS vulnerability in login redirect param
Security advisory: XSS vulnerability in login redirect param ZfcUser version 1.2.2 has been released and includes a security for this vulnerability. Fix has been applied in @baf0e460 Affected versions All versions below 1.2.2 are affected. dev-master is fixed starting from @2cc167a Exploits Becau...
XSS vulnerability exploitable on Internet Explorer
More info at http://htmlpurifier.org/news/2010/0531-4.1.1-released...
PHP Code Injection
phpWhois PHP Code Injection. Vulnerability Overview: phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to...
Prevent installation typosquatting malware
More info at https://www.kernelmode.blog/typosquatting-malware-found-in-composer-repository/...
Timing attack vector for remember me token
The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...
XSS vulnerability on contacts view
Impact Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populat...
Use token when logging out
More info at https://phabricator.wikimedia.org/T25227...
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
More info at https://www.drupal.org/sa-core-2020-005...