1702 matches found
Deserialization Gadget chain in Swift Mailer dependancy
Summary Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserialize user input in his project. Details This vulnerability present no direct threat but is a vector that will enable remote code executio...
TYPO3-EXT-SA-2023-011: Configuration Injection in extension "Direct Mail" (direct_mail)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-011...
PHP object injection attack vulnerability in Slim.
https://github.com/slimphp/Slim/blob/master/Slim/Middleware/SessionCookie.phpL127 Generally, it's a bad idea to blindly unserialize user-controllable input. https://www.owasp.org/index.php/PHPObjectInjection EDIT - for people who don't want to read the whole thread: The SessionCookie class is not...
XXE Vulnerability
This is: - X a bug report - a feature request - not a usage question ask them on https://stackoverflow.com/questions/tagged/phpspreadsheet or https://gitter.im/PHPOffice/PhpSpreadsheet What is the expected behavior? The securityScan function is used to prevent XXE attacks. What is the current...
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Description Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host- and Secure- confused with cookies that decode to such prefix, thus leading to ...
Snappy PHAR deserialization vulnerability
Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, the version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper...
Improper Input Validation in headers
Description Impact Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches The issue is patched in 1.6.1...
Test code in published microsoft-graph package exposes phpinfo()
More info at https://nvd.nist.gov/vuln/detail/CVE-2023-49282...
symfony/ux-autocomplete Prevent injection of invalid entity ids for "autocomplete" fields
Impact Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. Affected applications are any that use: A custom querybuilder option to limit the valid results; AND An EntityType with 'autocomplete' = true or a custom...
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2 (see CVE-2013-1967)
More info at https://contao.org/en/news/contao-3515.html...
PHP Code Injection
phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...
Observable Response Discrepancy on Admin Login
Impact It allows over the Admin Login form to detect which user username, email exists and which one do not exist. Impacted by this issue are Sulu installation = 2.5.0 and getMessage; instead the $exception-getMessageKey; References Currently no references...
PRODSECBUG-2246: Stored cross-site scripting in the WYSIWYG editor
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PHAR deserialization allowing remote code execution
Description snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the fileexists function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitra...
PRODSECBUG-2351: Arbitrary code execution via crafted sitemap creation
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
Class-Name Injection
Tested on 1.8.0-beta-5 In safe mode with html markup disabled, it is possible to insert any classname into a code block like this: \js any-class-name with spaces code \ renders as: code infostring needs some cleanup here:...
TOCTOU Race Condition enabling remote code execution
Impact The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions: - A user is allowed to supply the path or filename of an uploaded file. - The supplied...
Deserialization Gadget chain in Symfony sfNamespacedParameterHolder
Summary Symfony 1 has a gadget chain due to dangerous unserialize in sfNamespacedParameterHolder class that would enable an attacker to get remote code execution if a developer unserialize user input in his project. Details This vulnerability present no direct threat but is a vector that will...
PRODSECBUG-2402: Cross-Site Scripting via Attribute Set Name
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2462: Remote code execution via file upload in admin import feature
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
XXE Vulnerability
This is: - X a bug report - a feature request - not a usage question ask them on https://stackoverflow.com/questions/tagged/phpspreadsheet or https://gitter.im/PHPOffice/PhpSpreadsheet What is the expected behavior? The securityScan function is used to prevent XXE attacks. What is the current...
Cross-Site Scripting
I've picked up on the work started over at https://github.com/erusev/parsedown/pull/276 and rebased on erusev/master. Since this is rebased on master, I can't point at PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggest...
Parsoid comment fostering allows for inserting mostly arbitrary <meta> tags
More info at https://phabricator.wikimedia.org/T279451...
XSS Vulnerability in HTML Writer
This is: - X a bugfix - a new feature Checklist: - X Changes are covered by unit tests - X Code style is respected - X Commit message explains why the change is made see https://github.com/erlang/otp/wiki/Writing-good-commit-messages - X CHANGELOG.md contains a short summary of the change -...
PHP remote file inclusion vulnerability in dompdf.php
This release is superseded by version 0.7.0 This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new docume...
TYPO3-EXT-SA-2023-005: SQL Injection in extension "ipandlanguageredirect" (ipandlanguageredirect)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-005...
PRODSECBUG-2369: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2378: Stored cross-site scripting in the Return Product comments feature
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
Fixed potential path traversal attack and remote code injection
This is a security release. All users MUST upgrade to this release to prevent two potential security issues: - path traversal attack - remote code injection These two security issues have been reported by Andreas Forsblom. THANKS! Below is the original report Andreas sent me: Hi William, First,...
PHP Code Injection
phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...
TYPO3-EXT-SA-2024-004: Broken Access Control in "Integration of Friendly Captcha" (friendlycaptcha_official)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2024-004...
Microweber Business Logic Errors
More info at https://nvd.nist.gov/vuln/detail/CVE-2023-6566...
Deserialization Gadget chain in Swift Mailer
Summary Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserialize user input in his project. Details This vulnerability present no direct threat but is a vector that will enable remote code executio...
PRODSECBUG-2398: Cross-Site Scripting via Customer Attribute Labels
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2177: Insufficient server side validations leads to Insecure File upload vulnerability
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...
CVE-2019-11325: Fix escaping of strings in VarExporter
More info at https://symfony.com/cve-2019-11325...
PRODSECBUG-2301: Names of disabled products can be leaked due to inadequate validation checks
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...
PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding
More info at https://nvd.nist.gov/vuln/detail/CVE-2023-6027...
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...
CVE-2021-27938: XSS in CreateQueuedJobTask
More info at https://www.silverstripe.org/download/security-releases/cve-2021-27938...
PRODSECBUG-2353: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2371: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
HTTP Proxy header vulnerability
Bugfixes Mitigate HTTPoxy vulnerability 23...
Fixed potential path traversal attack and remote code injection
This is a security release. All users MUST upgrade to this release to prevent two potential security issues: path traversal attack remote code injection These two security issues have been reported by Andreas Forsblom. THANKS! Below is the original report Andreas sent me: Hi William, First, thank...
TYPO3-EXT-SA-2025-004: Insecure Direct Object Reference in extension "Download manager" (reint_downloadmanager)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-004...
Cross-Site Scripting
More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-011...
PRODSECBUG-2401: Cross-Site Scripting via Customer Attribute Option Value
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2095: Defense-in-depth session validation check implemented
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...
PRODSECBUG-2272: XPath Injection via front end rendering functionality
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...