1702 matches found
CVE-2018-11386: Denial of service when using PDOSessionHandler
More info at https://symfony.com/cve-2018-11386...
CVE-2018-11408: Open redirect vulnerability on security handlers
More info at https://symfony.com/cve-2018-11408...
CVE-2018-11385: Session Fixation Issue for Guard Authentication
More info at https://symfony.com/cve-2018-11385...
CVE-2018-11406: CSRF Token Fixation
More info at https://symfony.com/cve-2018-11406...
SS-2018-012: Uploaded PHP script execution in assets
More info at https://www.silverstripe.org/download/security-releases/ss-2018-012/...
SS-2018-013: Passwords sent back to browsers under some circumstances
More info at https://www.silverstripe.org/download/security-releases/ss-2018-013/...
SS-2018-008: BackURL validation bypass with malformed URLs
More info at https://www.silverstripe.org/download/security-releases/ss-2018-008/...
SS-2018-006: Code execution vulnerability
More info at https://www.silverstripe.org/download/security-releases/ss-2018-006/...
SS-2018-010: Member disclosure in login form
More info at https://www.silverstripe.org/download/security-releases/ss-2018-010/...
SS-2018-005: isDev and isTest unguarded
More info at https://www.silverstripe.org/download/security-releases/ss-2018-005/...
XSS in some development error pages
More info at https://bakery.cakephp.org/2018/05/20/cakephp36435173414released.html...
SS-2018-011: SQL injection vulnerability
More info at https://www.silverstripe.org/download/security-releases/ss-2018-011/...
SS-2018-014: Dangerous file types in allowed upload
More info at https://www.silverstripe.org/download/security-releases/ss-2018-014/...
SS-2018-001: Privilege Escalation Risk in Member Edit form
More info at https://www.silverstripe.org/download/security-releases/ss-2018-001/...
Trusted-Directory Bypass via Path Traversal
Smarty Trusted-Directory Bypass via Path Traversal. Vulnerability Overview: Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security...
Trusted-Directory Bypass via Path Traversal
If you enable security, $trusteddir is an array of all directories that are considered trusted. Trusted directories are where you keep PHP scripts that are executed directly from the templates. If attackers can edit the templates, they can use ../ to bypass the directory and read any file they...
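The two Smarty entries above describe the same root cause: a trusted-directory allow-list enforced by comparing the raw path string, which "../" walks out of. The block below is an added example, not Smarty's own code, showing a lexical canonicaliser and a prefix check with a separator, next to the naive prefix comparison that the traversal and a look-alike directory name both defeat. The trusted path and the sample inputs are invented.

```php
<?php
// Added example, not Smarty's own code: a lexical path canonicaliser plus
// a trusted-directory prefix check, showing how "../" and a bare string
// prefix comparison defeat a trusted-directory allow-list. The trusted
// path and sample inputs are invented.
declare(strict_types=1);

/**
 * Resolve "." and ".." segments lexically so the check also works for
 * paths that do not exist yet. For existing files prefer realpath(), which
 * additionally resolves symlinks.
 */
function canonicalize(string $path): string
{
    $absolute = $path !== '' && $path[0] === '/';
    $parts = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            array_pop($parts); // no-op on an empty stack: cannot climb above "/"
            continue;
        }
        $parts[] = $segment;
    }
    return ($absolute ? '/' : '') . implode('/', $parts);
}

/** Vulnerable shape: raw string prefix match, no canonicalisation. */
function naiveIsTrusted(string $path, array $trustedDirs): bool
{
    foreach ($trustedDirs as $dir) {
        if (strncmp($path, $dir, strlen($dir)) === 0) {
            return true;
        }
    }
    return false;
}

/** Hardened shape: canonicalise, then require directory plus separator as the prefix. */
function isTrusted(string $path, array $trustedDirs): bool
{
    $resolved = canonicalize($path);
    foreach ($trustedDirs as $dir) {
        $prefix = rtrim(canonicalize($dir), '/') . '/';
        if (strncmp($resolved, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }
    return false;
}

$trusted = ['/var/www/app/trusted'];

// Constructed inputs; the value on the right is what the hardened check must return.
$cases = [
    '/var/www/app/trusted/helper.php'             => true,
    '/var/www/app/trusted/../../../../etc/passwd' => false, // traversal out of the directory
    '/var/www/app/trusted_evil/helper.php'        => false, // shares the prefix, different directory
    '/var/www/app/trusted/./sub/helper.php'       => true,
];

foreach ($cases as $path => $expected) {
    printf("%-46s naive=%-3s hardened=%-3s\n",
        $path,
        naiveIsTrusted($path, $trusted) ? 'yes' : 'no',
        isTrusted($path, $trusted) ? 'yes' : 'no');
    assert(isTrusted($path, $trusted) === $expected);
}
```

Two caveats when applying this to real template engines: decode any URL- or entity-encoded input before canonicalising, otherwise "%2e%2e" never becomes ".." and slips past the lexical pass; and when the target file exists, run realpath() on both the candidate and the trusted directory so a symlink planted inside the trusted directory cannot point back out of it.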
Cross-site scripting (XSS) vulnerability in the system log of the back end
More info at https://contao.org/en/news/contao-3535.html...
Cross-site scripting (XSS) vulnerability in the system log of the back end
More info at https://contao.org/en/news/contao-4418.html...
Information disclosure of source code
More info at https://simplesamlphp.org/security/202004-01...
Crypt encryption compromised.
More info at https://fuelphp.com/security-advisories...
Highly critical - Remote Code Execution
More info at https://www.drupal.org/sa-core-2018-002...
Potential remote code execution in the Lua context of the Redis server via methods `yii\redis\ActiveRecord::findOne()` and `::findAll()`
More info at https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/...
Possibility of manipulated condition when unfiltered input is passed to `yii\elasticsearch\ActiveRecord::findOne()` and `::findAll()`
More info at https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/...
Potential SQL injection in methods `yii\db\ActiveRecord::findOne()` and `::findAll()`
More info at https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/...
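The three Yii entries above (db, redis, elasticsearch) share one calling convention: findOne()/findAll() treat a scalar argument as a primary-key lookup and an array argument as a column => value condition, so an unfiltered request value lets the client choose which form runs. The block below is an added example, not Yii's code: a stand-in query builder with that convention, a caller that passes the raw value, and a caller that coerces the key and names the column. The table name, column list and request inputs are invented, and the library-side column-name guard is an assumed defence, not a description of what Yii 2.0.15 changed.

```php
<?php
// Added example, not Yii's code: a minimal stand-in for the findOne()
// calling convention (scalar argument = primary-key lookup, array argument
// = column => value condition). It shows how an unfiltered request value
// switches the query from the first form to the second, and where to put
// the checks. Table name, columns and sample inputs are invented.
declare(strict_types=1);

const TABLE   = 'users';
const PK      = 'id';
const COLUMNS = ['id', 'username', 'email', 'status']; // assumed schema

/**
 * Builds the SQL a findOne()-style call would run. Condition KEYS are
 * spliced into the statement text, so they must be trusted column names;
 * values go through bound parameters.
 */
function buildFindOneSql($condition, bool $validateColumns): array
{
    if (!is_array($condition)) {
        $condition = [PK => $condition];
    }
    $where = $params = [];
    foreach ($condition as $column => $value) {
        if ($validateColumns && !in_array($column, COLUMNS, true)) {
            throw new InvalidArgumentException(
                "Key \"{$column}\" is not a column name and cannot be used as a filter");
        }
        $where[] = "{$column} = :{$column}";
        $params[":{$column}"] = $value;
    }
    return [
        'sql'    => 'SELECT * FROM ' . TABLE . ' WHERE ' . implode(' AND ', $where) . ' LIMIT 1',
        'params' => $params,
    ];
}

/** Vulnerable caller: hands the raw request value straight to findOne(). */
function lookupByIdUnsafe($raw): array
{
    return buildFindOneSql($raw, false);
}

/** Hardened caller: insist on an integer key and name the column explicitly. */
function lookupByIdSafe($raw): array
{
    if (is_array($raw) || preg_match('/\A\d+\z/', (string) $raw) !== 1) {
        throw new InvalidArgumentException('Primary key must be a non-negative integer');
    }
    return buildFindOneSql([PK => (int) $raw], true);
}

// Constructed request inputs: PHP parses "?id=42" to a string and
// "?id[status]=active" to an array, which is the whole problem.
$inputs = [
    'scalar id           ' => '42',
    'array via ?id[...]  ' => ['status' => 'active'],
    'array with bogus key' => ['1=1 OR username' => 'admin'],
];

foreach ($inputs as $label => $raw) {
    echo $label, ' unsafe: ', lookupByIdUnsafe($raw)['sql'], PHP_EOL;
    try {
        echo $label, ' safe  : ', lookupByIdSafe($raw)['sql'], PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $label, ' safe  : rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

The second input is the "manipulated condition" case: the unsafe caller silently runs WHERE status = :status and returns the first active row instead of the requested record, even though nothing in the SQL text is malformed. The third input shows why condition keys need an allow-list when arrays are accepted at all. The caller-side fix (reject arrays, coerce to int, pass [PK => $id]) is the one an application developer controls, and the same integer coercion is what the ADOdb SelectLimit nrows/offset entry further down this list is about.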
Incorrect header injection check
Security: Reject header injections correctly, see 4...
Potential SQL injection vector
The SelectLimit function has a potential SQLi exploit through the use of the nrows and offset parameters which are not forced to integers. Fixes 400...
Incorrect signature validation
More info at https://simplesamlphp.org/security/201803-01...
Incorrect signature validation
More info at https://simplesamlphp.org/security/201802-01...
JavaScript cross-site scripting prevention is incomplete.
More info at https://www.drupal.org/SA-CORE-2018-001...
jQuery vulnerability with untrusted domains.
More info at https://www.drupal.org/SA-CORE-2018-001...
Comment reply form allows access to restricted content.
More info at https://www.drupal.org/SA-CORE-2018-001...
External link injection on 404 pages when linking to the current page.
More info at https://www.drupal.org/SA-CORE-2018-001...
Private file access bypass.
More info at https://www.drupal.org/SA-CORE-2018-001...
Language fallback can be incorrect on multilingual sites with node access restrictions.
More info at https://www.drupal.org/SA-CORE-2018-001...
Settings Tray access bypass.
More info at https://www.drupal.org/SA-CORE-2018-001...