Cross-Site Scripting
I've picked up on the work started over at #276 and rebased on erusev/master. Since this is rebased on master, I can't point a PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggested earlier so that all attributes are...
Insecure Random Number Generator
Insecure RNG: https://github.com/stormpath/stormpath-sdk-php/blob/15aee3007b8aa41c20cdf28fd650b8a2368a7fa9/src/Util/UUID.php#L167-L181 Insecure RNG fallback: https://github.com/stormpath/stormpath-sdk-php/blob/62698ea98ef89217f932e28cf3e511d39af3b4cf/src/Authc/Api/ApiKeyEncryptionOptions.php#L48-L5...
Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003
More info at https://www.drupal.org/sa-core-2021-003...
CVE-2024-50345: Open redirect via browser-sanitized URLs
More info at https://symfony.com/cve-2024-50345...
Code injection vulnerability in allSelectors()
More info at https://packetstormsecurity.com/files/cve/CVE-2020-13756...
Padding Oracle Vulnerability in RSA Encryption
Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash (e.g. SHA256) is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...
CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch
More info at https://symfony.com/cve-2026-46626...
CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie
More info at https://symfony.com/cve-2024-51996...
Command injection via malicious Perforce repository definition
Impact: The Perforce::generateP4Command method constructed shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) without proper escaping. An attacker controlling a repository configuration in a malicious composer.json declaring a Perforce VCS repository...
CVE-2024-53277 - XSS in form messages
More info at https://www.silverstripe.org/download/security-releases/cve-2024-53277...
CVE-2024-47605 - XSS via insert media remote file oembed
More info at https://www.silverstripe.org/download/security-releases/cve-2024-47605...
CVE-2023-32302 - Members with no password can be created and bypass custom login forms
More info at https://www.silverstripe.org/download/security-releases/CVE-2023-32302...
CVE-2021-27938: XSS in CreateQueuedJobTask
More info at https://www.silverstripe.org/download/security-releases/cve-2021-27938...
CVE-2019-11325: Fix escaping of strings in VarExporter
More info at https://symfony.com/cve-2019-11325...
PRODSECBUG-2448: Cross-site scripting via admin panel dashboard
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2440: Information disclosure through processing of external XML entities
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2470: Remote Code Execution in email templates
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2458: Cross-Site Scripting in image file names
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
Vulnerability to bypass two-factor authentication with unverified JWT trusted device token
Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively bypassing two-factor authentication. Please either disable the trusted feature in your application or upgrade to a bundle...
PRODSECBUG-2366: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2348: Sensitive data disclosure via crafted two factor edit user form
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...
PRODSECBUG-2345: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2202: Security bypass via form data injection
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2187: Cross-site request forgery (CSRF) in checkout cart item
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...
Information Disclosure in Page Tree
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-009...
Information Disclosure in Install Tool
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-010...
CVE-2018-19789: Temporary uploaded file path disclosure
More info at https://symfony.com/cve-2018-19789...
Action case insensitivity
Fix security breach: required role for action was not required for Action or ACTION. Thanks to [email protected]...
Authentication Bypass in TYPO3 CMS
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-001...
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-002...
Adminer script versions up to 4.6.2 contain a file disclosure vulnerability
More info at https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability...
Potential SQL injection vector
The SelectLimit function has a potential SQLi exploit through the use of the nrows and offset parameters, which are not forced to integers. Fixes #400...
SQL injection possible with limit() on MySQL
The limit query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model `User` for a table `users`: `UserQuery::create()->limit('1;DROP TABLE users')->find();` This will drop the `users` table! The cause appears to be a lack of integer casting of the limit input in either...
Arbitrary shell execution
Security Advisory - This release contains a fix for a security advisory related to the improper handling of a shell command - A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option - All version 3 users are encouraged to upgrad...
Potential SQL injection in ORDER and GROUP functions of ZF1
More info at https://framework.zend.com/security/advisory/ZF2016-03...
Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey
More info at https://framework.zend.com/security/advisory/ZF2015-10...
CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service
More info at https://symfony.com/cve-2015-8125...
XSS attack vector in Security Library method xss_clean()
More info at https://www.codeigniter.com/userguide/changelog.html#version-3-0-3...
Sendmail transport arbitrary shell execution
More info at http://blog.swiftmailer.org/post/88660759928/security-fix-swiftmailer-5-2-1-released...
SecurityComponent cross form submission issue
More info at https://bakery.cakephp.org/2014/04/29/CakePHP-1-3-18-and-2-4-8-released.html...
Fixed issue with broken validation of JSONP callbacks
More info at https://symfony.com/blog/fosrestbundle-security-issue-with-jsonp-handler...
Possible DOS attack with long user-submitted passwords
More info at https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released...
code injection in `Wrapper::buildClientWrapperCode` via manipulation of the `$client` argument
security fix: hardened the Client::send method against misuse of the $method argument (issue #81). Abusing its value, it was possible to force the client to access local files or connect to undesired URLs instead of the intended target server's URL (the one used in the Client constructor). This weakne...
Security fixes related to the way XML is handled
More info at https://symfony.com/blog/security-release-symfony-2-0-17-released...
Potential XSS vector in Zend_Service_ReCaptcha_MailHide
More info at https://framework.zend.com/security/advisory/ZF2010-05...
Deserialization of Untrusted Data
This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...
XSS in various backend modules
More info at https://www.neos.io/blog/xss-in-various-backend-modules.html...
`{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
More info at https://symfony.com/cve-2026-46638...
CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence
More info at https://symfony.com/cve-2026-46644...