1702 matches found
PRODSECBUG-2244: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
Highly critical - Remote Code Execution
More info at https://www.drupal.org/sa-core-2018-002...
Exploit in the private channel authentication
More info at https://blog.pusher.com/update-on-security/...
Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment I'm afraid this change is wrong. fileexists is not the only...
Timing attack vector for remember me token
The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...
TYPO3-EXT-SA-2025-006: Insecure Direct Object Reference in extension "femanager" (femanager)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-006...
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...
TYPO3-CORE-SA-2022-004: Cross-Site Scripting in Frontend Login Mailer
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-004...
Cross site scripting via canonical URL
More info at https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html...
CVE-2022-21715: XSS Vulnerability in API\ResponseTrait in CodeIgniter4
Impact Cross-Site Scripting XSS vulnerability was found in API\ResponseTrait in Codeigniter4. Attackers can do XSS attacks if you are using API\ResponseTrait. Patches Upgrade to v4.1.8 or later. Workarounds Do one of the following: 1. Do not use API\ResponseTrait nor ResourceController 2. Disable...
CVE-2022-38724 - XSS in shortcodes
More info at https://www.silverstripe.org/download/security-releases/cve-2022-38724...
Untrusted code may be run from an overridden address validator
This is a security release. SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details. The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in th...
Improper Certificate Validation in phpseclib
No description provided...
Insecure Deserialization of untrusted data
Impact Unserialization of untrusted data. Patches The issue has been patched and users of Requests 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0. References Publications about the vulnerability:...
User content can redirect the logout button to different URL
More info at https://phabricator.wikimedia.org/T232932...
PRODSECBUG-2494: Arbitrary file deletion through design layout update
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2418: SQL injection via marketing account with access to email templates variables
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2434: SQL injection in 'Catalog Products List' widget leading to privilege escalation
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2332: Remote code execution through arbitrary file inclusion
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2198: SQL Injection due to a flaw in MySQL adapter
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2363: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2349: Arbitrary code execution via file upload in admin import feature
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2226: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2320: Arbitrary code execution due to unsafe handling of system configuration
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
HTTP Proxy header vulnerability
More info at https://twitter.com/asyncphp/status/755136084917583872...
XXE/XEE vector when using ZendXml on multibyte payloads
More info at https://framework.zend.com/security/advisory/ZF2015-06...
CVE-2020-15143: Remote Code Execution in ParametersParser while using request parameters inside expression language
Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...
CVE-2023-46733: Potential XSS in WebhookController
More info at https://symfony.com/cve-2023-46733...
Argument injection via newline in PHP INI values forwarded to child processes
Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...
Denial of service caused by infinite recursion when parsing SVG images
More info at https://nvd.nist.gov/vuln/detail/CVE-2023-50262...
TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering
More info at https://typo3.org/security/advisory/typo3-core-sa-2023-001...
CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4
Impact Setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. Note This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set $secure = true in Config\Cookie. php...
CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms
More info at https://symfony.com/cve-2021-21424...
TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-005...
TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-004...
PRODSECBUG-2484: Arbitrary file deletion through export data data transfer
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2300: Information about disabled products can be leaked due to inadequate validation checks
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-1513: Insufficient brute force protections on promo code entry
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...
PRODSECBUG-2173: Path traversal vulnerability in WYSIWYG editor.
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2301: Names of disabled products can be leaked due to inadequate validation checks
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...
PRODSECBUG-2347: Insufficient brute-forcing defenses in the token exchange protocol could be abused in carding attacks
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2307: Insufficient enforcement of user access controls can lead to unauthorized environment configuration changes
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2345: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
Changes form previous version All previous changes is here. - VD:abstract fix animated image conversion on ImageMagick - Security,VD:abstract CVE-2019-9194 fix command injection vulnerability of PHP connector Special thanks to Thomas Chauchefoin Synacktiv for reporting this vulnerability...
CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS
More info at https://symfony.com/cve-2017-16653...
Remote Code Execution
Important security update! This release patches the critical vulnerability described in CVE-2016-10045 a remote code execution vulnerability, responsibly reported by Dawid Golunski, and patched by Paul Buonopane @Zenexer. Possible side effect - complex sender addresses such as those used in VERP...
Routes behind a firewall are accessible even when not logged in
More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...
Unauthenticated crypto and weak IV in Magento\Framework\Encryption
More info at http://www.openwall.com/lists/oss-security/2016/07/19/3...
Drupal core - Critical - Remote code execution - SA-CORE-2020-012
More info at https://www.drupal.org/sa-core-2020-012...
Potential URI resolution path traversal in the AWS SDK for PHP
More info at https://nvd.nist.gov/vuln/detail/CVE-2023-51651...