Potential SQL injection in PostgreSQL Zend\Db adapter
More info at https://framework.zend.com/security/advisory/ZF2015-02...
SS-2015-006: XSS In GridField print
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-006/...
SS-2015-007: XSS In FormAction
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-007/...
SS-2015-003: History XSS Vulnerability
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-003/...
SS-2015-005: VirtualPage XSS
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-005/...
SS-2015-004: TreeDropdownField and TreeMultiSelectField XSS
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-004/...
A directory traversal vulnerability allows back end users to view files outside their document root
More info at https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html...
XSS vulnerability in login redirect param
Security advisory: XSS vulnerability in login redirect param ScnSocialAuth version 1.15.2 has been released and includes a security fix for this vulnerability. Fix has been applied in 4a00966 Affected versions All versions below 1.15.2 are affected. dev-master is fixed starting from 4a00966 Exploits...
XSS vulnerability in login redirect param
Security advisory: XSS vulnerability in login redirect param ScnSocialAuth version 1.15.2 has been released and includes a security fix for this vulnerability. Fix has been applied in https://github.com/SocalNick/ScnSocialAuth/commit/4a00966c41bc37251586d007564c5c891eba3700 Affected versions All...
Session validation vulnerability
More info at https://framework.zend.com/security/advisory/ZF2015-01...
XSS vulnerability in login redirect param
Security advisory: XSS vulnerability in login redirect param ZfcUser version 1.2.2 has been released and includes a security fix for this vulnerability. Fix has been applied in @baf0e460 Affected versions All versions below 1.2.2 are affected. dev-master is fixed starting from @2cc167a Exploits Becau...
Header injection in NativeMailerHandler
Hopefully attacker-controlled data is never used to set the encoding or content type, but just in case, prevent: $nmh = new NativeMailerHandler($to, $subject, $from); $nmh->setEncoding("utf-8\r\nFrom: [email protected]"); Since the injection happened in send, there doesn't seem to be a good way to a...
Possible cache poisoning on the homepage when anchors are used
More info at https://typo3.org/security/advisory/typo3-core-sa-2014-003...
Possible link spoofing on the homepage when anchors are used
More info at https://typo3.org/security/advisory/typo3-core-sa-2014-003...
Denial of Service in OpenID System Extension
More info at https://typo3.org/security/advisory/typo3-core-sa-2014-002...
Arbitrary Shell Execution in Swiftmailer library
More info at https://typo3.org/security/advisory/typo3-core-sa-2014-002...
Anonymous authentication in ldap_bind() function of PHP, using null byte
More info at https://framework.zend.com/security/advisory/ZF2014-05...
SQL injection vector when manually quoting values for sqlsrv extension, using null byte
More info at https://framework.zend.com/security/advisory/ZF2014-06...
Potential XXE security issue
improved XXE fix CVE-2014-2053...
Entropy is lost in the TokenGenerator
More info at https://symfony.com/blog/fosuserbundle-entropy-of-generated-tokens-is-lost...
CSRF vulnerability in the Web Profiler
More info at https://symfony.com/cve-2014-6072...
Direct access of ESI URLs behind a trusted proxy
More info at https://symfony.com/cve-2014-5245...
Security issue when parsing the Authorization header
More info at https://symfony.com/cve-2014-6061...
Denial of service with a malicious HTTP Host header
More info at https://symfony.com/cve-2014-5244...
SS-2014-017: XML Quadratic Blowup Attack
More info at https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/...
Fixed potential path traversal attack and remote code injection
This is a security release. All users MUST upgrade to this release to prevent two potential security issues: path traversal attack remote code injection These two security issues have been reported by Andreas Forsblom. THANKS! Below is the original report Andreas sent me: Hi William, First, thank...
Fixed potential path traversal attack and remote code injection
This is a security release. All users MUST upgrade to this release to prevent two potential security issues: - path traversal attack - remote code injection These two security issues have been reported by Andreas Forsblom. THANKS! Below is the original report Andreas sent me: Hi William, First,...
Code injection in the way Symfony implements translation caching in FrameworkBundle
More info at https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released...
The CDetailView widget allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property
More info at https://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/...
Sendmail transport arbitrary shell execution
More info at http://blog.swiftmailer.org/post/88660759928/security-fix-swiftmailer-5-2-1-released...
Potential SQL injection in the ORDER implementation of Zend_Db_Select
More info at https://framework.zend.com/security/advisory/ZF2014-04...
Possible Host Spoofing through SERVER_NAME
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...
Failing to properly encode user input, several backend components are susceptible to XSS
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...
Improper Session Invalidation
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...
Information disclosure in the Extbase framework
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...