1702 matches found
Information Disclosure Security Note
More info at https://www.neos.io/blog/neos-workspace-disclosure-security.html...
Cross-Site Scripting in Fluid ViewHelpers
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-005...
SS-2018-019: Possible denial of service attack vector when flushing
More info at https://www.silverstripe.org/download/security-releases/ss-2018-019/...
Denial of Service in Frontend Record Registration
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-012...
Cross-Site Scripting in Backend Modal Component
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-007...
SS-2018-007: CSRF vulnerability in graphql
More info at https://www.silverstripe.org/download/security-releases/ss-2018-007/...
SUPEE-10975 - Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities
More info at https://magento.com/security/patches/supee-10975...
SS-2018-016: Unsafe SQL Query Construction (Safe Data Source)
More info at https://www.silverstripe.org/download/security-releases/ss-2018-016/...
SS-2018-018: Database credentials disclosure during connection failure
More info at https://www.silverstripe.org/download/security-releases/ss-2018-018/...
Authentication Bypass in TYPO3 CMS
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-001...
CSRF vulnerability in the admin panel
More info at https://sylius.com/blog/csrf-vulnerability-in-admin-panel/...
URL Rewrite vulnerability
More info at https://framework.zend.com/security/advisory/ZF2018-01...
URL Rewrite vulnerability
More info at https://framework.zend.com/security/advisory/ZF2018-01...
SS-2018-001: Privilege Escalation Risk in Member Edit form
More info at https://www.silverstripe.org/download/security-releases/ss-2018-001/...
Potential SQL injection vector
The SelectLimit function has a potential SQLi exploit through the use of the nrows and offset parameters which are not forced to integers. Fixes 400...
SS-2017-006: Session user agent change detection
More info at https://www.silverstripe.org/download/security-releases/ss-2017-006/...
SS-2017-005: User enumeration via timing attack on login and password reset forms
More info at https://www.silverstripe.org/download/security-releases/ss-2017-005/...
Arbitrary Code Execution in TYPO3 CMS
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/...
Cookie leakage to wrong origins and non-restricted cookie acceptance
Security and maintenance release. - Security: Previously cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax follows newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, b...
An error during signature verification can be treated as a successful verification.
Security update for signature validation on LogoutRequest/LogoutResponse. In order to verify Signatures on Logoutrequests and LogoutResponses we use the verifySignature of the class XMLSecurityKey from the xmlseclibs library. That method end up calling opensslverify depending on the signature...
Remote Code Execution in Qquoteadv/controllers/DownloadController.php
More info at https://cart2quote.zendesk.com/hc/en-us/articles/115000616303--FIXED-Security-Vulnerability-in-downloadCustomOptionAction...
Remote Code Execution in third party library swiftmailer
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-001/...
Potential remote code execution in zend-mail via Sendmail adapter
More info at https://framework.zend.com/security/advisory/ZF2016-04...
Critical vulnerabilities in JSON Web Token libraries
More info at https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/...
Cross-Site Scripting in TYPO3 Backend
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-009/...
Cross-Site Scripting in TYPO3 component Backend
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/...
SS-2016-002: CSRF vulnerability in GridFieldAddExistingAutocompleter
More info at https://www.silverstripe.org/download/security-releases/ss-2016-002/...
SQL Injection in dbal
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-016/...
Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word
More info at https://framework.zend.com/security/advisory/ZF2015-09...
Arbitrary file upload and XML External Entity processing
More info at https://www.neos.io/blog/flow-sa-2015-001.html...
Remote File Inclusion through View template name manipulation
More info at https://bakery.cakephp.org/2015/11/05/cakephp30153142612276released.html...
Filesystem Permissions Issues in Multiple Components
More info at https://framework.zend.com/security/advisory/ZF2015-07...
Filesystem Permissions Issues in Multiple Components
More info at https://framework.zend.com/security/advisory/ZF2015-07...
SS-2015-015: XSS in dev/build returnURL Parameter
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-015/...
SS-2015-018: File upload exposure on UserForms module
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-018/...
Forced Redirect to External Website
More info at https://www.orocrm.com/blog/news/orocrm-security-announcement...
Access bypass when editing file metadata
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002/...
SS-2015-014: Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-014/...
Privilege Escalation in TYPO3 Neos
More info at https://www.neos.io/blog/neos-sa-2015-001.html...
SS-2016-015: XSS In OptionsetField and CheckboxSetField
More info at https://www.silverstripe.org/download/security-releases/ss-2016-015/...
XSS injection in backoffice
More info at https://thelia.net/version-2-1-2-with-security-fix...
Session validation vulnerability
More info at https://framework.zend.com/security/advisory/ZF2015-01...
Insufficient input validation allows for code injection and remote execution
More info at https://contao.org/en/news/new-security-hole-found-in-contao.html...
Potential XSS vector in multiple view helpers
More info at https://framework.zend.com/security/advisory/ZF2014-03...
Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer
More info at https://framework.zend.com/security/advisory/ZF2014-02...
Possible DOS attack with long user-submitted passwords
More info at https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released...
Potential SQL injection due to execution of platform-specific SQL containing interpolations
More info at https://framework.zend.com/security/advisory/ZF2013-03...
local file access in `Client:send` via manipulation of `$protocol` argument
security fix: hardened the Client::send method against misuse of the $method argument issue 81. Abusing its value, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakne...
Vulnerability in the EntityUserProvider as provided in the Doctrine bridge
More info at https://symfony.com/blog/security-release-symfony-2-0-6...
Denial of Service vector via XEE injection
More info at https://framework.zend.com/security/advisory/ZF2012-02...