Advisories

Parsing a file with a malicious name leads to arbitrary OS command injection, this is especially risky when parsing user-supplied files on a server (e.g. uploaded files).

Sails has an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when allRoutes is set to true and origin is set to * …

Extension URIs (resource://…) bypass Content-Security-Policy in Chrome and Firefox and can always be loaded. Now if a site already has a XSS bug, and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacked can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.

Nunjucks has a cross site scripting (XSS) vulnerability in autoescape mode: all template vars should automatically be escaped. By using an array for the keys, it is possible to bypass autoescaping and inject content into the DOM.

By sending a Mb websocket message to a uws server instance, it is possible to crash the node process by exceeding V8's maximum string size.

If an attacker can trick an unsuspecting user into viewing a specially crafted plot on a site that uses plotly.js, then the attacker could potentially retrieve authentication tokens and perform actions on behalf of the user.

An arbitrary code injection vector was found via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.

Arbitrary code execution is possible through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the calc function.

The exception handling code in this package allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

PySAML2 is vulnerable to XML External Entity attacks (XEE attacks) via SAML XML requests.

Null reset codes are allowed through sentry.

Vulnerability to Response Wrapping attacks resulting in a malicious user gaining unauthorized access to a system.

The system.temporary route allows the download of a full config export. The full config export should be limited to those with "Export configuration" permission.

The system.temporary route allows the download of a full config export. The full config export should be limited to those with "Export configuration" permission.

Users who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.

Users who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.

Remote attackers could cause a denial of service (CPU and disk consumption) via a long URL.

The qstr method in the PDO driver in the ADOdb Library for PHP might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.

An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection.

An attacker can create a specially crafted url, which can execute arbitrary code in the victim’s browser if loaded. Drupal is not properly sanitizing an exception.

An attacker can create a specially crafted url, which can execute arbitrary code in the victim’s browser if loaded. Drupal is not properly sanitizing an exception.

The library does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.

ImageMagick driver does not escape all shell arguments.

CRLF injection vulnerability in the Undertow web server allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Nokogiri is affected via its dependency libxml2. CVE-2016-4448: Format string vulnerability in libxml2 allows attackers to have unspecified impact via format string specifiers in unknown vectors. CVE-2016-4658: libxml2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. CVE-2016-5131: libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the …

xpointer.c in libxml2 (as used in Apple iOS, OS X, tvOS, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

This package is vulnerable to Open Redirect attacks.

This package allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.

Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability.

Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in …

The User module in Drupal allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

The User module in Drupal allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

The Views module in Drupal and the Views module might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.

The Views module in Drupal and the Views module might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.

The implementation of ORDER BY and GROUP BY in Zend_Db_Select is prone to SQL injection when a combination of SQL expressions and comments are used.

There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155.

RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.

There is a possible XSS vulnerability in Action View. Text declared as HTML safe will not have quotes escaped when used as attribute values in tag helpers.

There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers.

The Rails gem does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request.

There's a flaw in the DB schema where reset_password_code is NULL by default. If an attacker is able to provide a NULL reset code to the package, there are no guards against arbitrary anonymous password resets. In many cases, submitting a url-encoded null byte value (%00) will match what's in the database, passing the check and allowing the attacker to set the password to what they wish.

Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.

Critical vulnerabilities in JSON Web Token libraries.

Cookie-signature is vulnerable to timing attacks.

A cross site scripting (XSS) vulnerability was introduced due to a change from text to html functions in how JSON elements are rendered.

c3 contain a cross site scripting (XSS) vulnerability through improper html sanitization on rendered tooltips.

Specifically crafted MQTT packets can crash the application, making a DoS attack feasible with very little bandwidth.

Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings allows remote attackers to inject arbitrary web script or HTML via the swf parameter.

This package is vulnerable to Cross-Site Request Forgery (CSRF) attacks.

There's a cross site scripting (XSS) vulnerability in the url query string parameter.

List of key / value pairs assigned to OptionsetField or CheckboxSetField do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.

A cross-site scripting vulnerability in VersionedRequestFilter has been found. If an incoming user request should not be able to access the requested stage, an error message is created for display on the CMS login page that they are redirected to. In this error message, the URL of the requested page is interpolated into the error message without being escaped; hence, arbitrary HTML can be injected into the CMS login page.

If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users.

When a user changes their password, the internal salt used for hashing their password is not updated.

The SS_Report, and the reports CMS section only checks canView() when listing the reports that can be viewed by the current user. It does not (and should) perform canView checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.

The core template framework/templates/Includes/GridField_print.ss uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because Member->getName() just returns the raw FirstName + Surname as a string, which is injected directly.

After performing a password reset, ChangePasswordForm::doChangePassword() logs in the user without checking Member::canLogIn(). This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like Member::canLogIn() was originally designed to only be used for checking whether the user is locked out (due …

Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. The debug view also used innerHTML.

This module does not validate the KDC, which might allow an attacker with network access and enough time to spoof the KDC and impersonate a valid user without knowing their credentials.

rhq allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.

Sanitization of HTML strings is not applied recursively to input, allowing an attacker to potentially inject script and other markup.

ezseed-transmission downloads a script from http://stedolan.github.io/jq/download/linux64/jq without checking the certificate. An attacker on the same network or on an ISP level could intercept the traffic and push their own version of the file, causing the attackers code to be executed.

Cross-site scripting (XSS) vulnerability in Apache Archiva allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.

Since "algorithm" isn't enforced in jws.verify(), a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.

There's a critical SQL injection bug in the ODBC database driver.

By using a malicious server which returns script as the value of the Content-Type header, it is possible to execute arbitrary code using the demonstration capabilities of Swagger-UI.

Primary functions of emojione do not properly sanitize input and are thus vulnerable to cross site scripting (XSS). If you application passes user supplied input to these functions, it may be vulnerable to this attack.

There exists a cross site scripting (XSS) vulnerability in the Pillbox feature of FuelUX. By supplying a script as a value for a new pillbox, it is possible to cause arbitrary script execution.

Cross site scripting vulnerability in the drag and drop functionality for modifying tree data. A node that contains a standard XSS vector will have its payload execute when a user attempts to drag a node to a different position in the hierarchy.

There's a cross site scripting (XSS) issue when rendered inside a _block during client side rendering. Server side rendering is not affected and is properly escaped.

Use-after-free vulnerability in libxml2, as used in Google Chrome, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

Tough-cookie contain a vulnerable regular expression that, under certain conditions involving long strings of semicolons in the "Set-Cookie" header, causes the event loop to block for excessive amounts of time.

Swagger-ui contains a cross site scripting (XSS) vulnerability in the key names for the following object path in the JSON document: .definitions.{USER_DEFINED}.properties.{INJECTABLE_KEY_NAME}. Supplying a key name with script tags causes arbitrary code execution. In addition it is possible to load the arbitrary JSON files remotely via the URL query-string parameter.

jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Three functions exposed by the Gmail.js API (not the Google Gmail API) are vulnerable to DOM-based cross site scripting. The three functions are tools.parse_response, helper.get.visible_emails_post, and helper.get.email_data_post. Each one of these functions calls new Function() with user data passed as the argument.

Three functions exposed by the Gmail.js API (not the Google Gmail API) are vulnerable to DOM-based cross site scripting (DOMXSS). The three functions are tools.parse_response, helper.get.visible_emails_post, and helper.get.email_data_post. Each one of these functions calls new Function() with user data passed as the argument./n/nThis vulnerability is being disclosed before a public patched version is available because the issue was reported in a public Github issue.

Growl does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

The attribute usemap can be used as a security exploit.

Contains a cross site scripting vulnerability (XSS) via the itemTitle parameter. By supplying a malicious value for this parameter, it is possible to execute arbitrary code.

Swagger-UI contains a cross site scripting (XSS) vulnerability in the consumes and produces parameters of the swagger JSON document for a given API. A maliciously crafted swagger JSON doc can be loaded via the URL query-string parameter url.

SQL Injection in TYPO3 Frontend Login.

Information Disclosure in TYPO3 Backend.

Environment Variable Injection.

Insecure Unserialize in TYPO3 Import/Export.

Cross-Site Scripting in third party library mso/idna-convert.

Cross-Site Scripting in TYPO3 Backend.

Cross-Site Scripting vulnerability in typolinks.

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict: RFC (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY and HTTP_PROXY is a popular environment variable used to configure an outgoing proxy. This leads to a remotely exploitable vulnerability.

SequelizeJS is vulnerable to SQL injection via GeoJSON documents containing a value with a single quote. This vulnerability affects postresql/postgis as well as MySQL.

PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration …

PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration …

humbug_get_contents is affected by httpoxy, a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. If a vulnerable HTTP client makes an outgoing HTTP connection, while running in a server-side CGI application, an attacker may be able to: * Proxy the outgoing HTTP requests made by the web application * Direct the server to open outgoing connections to an address and port of their choosing * …

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. See provided link.

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. See provided link.

Cache Flooding in TYPO3 Frontend.

The implementation of ORDER BY and GROUP BY in Zend_Db_Select of ZF1 is vulnerable by the following SQL injection.

XSS in TYPO3 Backend.

This package do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

Unspecified vulnerability in libpng, as used in Android , allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug

call does not validate empty parameters, which could result in invalid input bypassing the route validation rules. For example, in the routing scheme /api/{param}/{param2}/details, a request made to /api/// would match incorrectly.

hapi does not validate empty parameters, which could result in invalid input bypassing the route validation rules. For example, in the routing scheme /api/{param}/{param2}/details, a request made to /api/// would match incorrectly.

ActionServlet.java in Apache Struts mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

The REST plugin in Apache Struts 2, allows remote attackers to execute arbitrary code via a crafted expression.

The URLValidator class in Apache Struts 2 allows remote attackers to cause a denial of service via a null value for a URL field.

The MultipartStream class in this package allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

The MultipartStream class in this package allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

js/get_scripts.js.php in phpMyAdmin allows remote attackers to cause a denial of service via a large array in the scripts parameter.

phpMyAdmin allows remote attackers to obtain sensitive information.

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.

JGroups does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors.

It is possible to crash the node process by sending an overly long websocket payload to a ws server.

The module does not properly escape ">" and "<" operator used for redirection in shell. Application escaping command-line args with this module might be vulnerable from malicious user input.

The primary function, minimatch(path, pattern) is vulnerable to ReDoS in the pattern parameter. This is because of the regular expression on line of minimatch.js: /((?:\{2}))(\?)|/g,. The problematic portion of the regex is ((?:\{2})) which matches against //.

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document.

The header for "Accept-Language", when parsed by negotiator is vulnerable to Regular Expression Denial of Service via a specially crafted string.

Node-cli insecurely uses user provided data in the name of it's lock file and log file. It allows the starting user to overwrite any file they have access to.

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

Format string vulnerability in libxml2 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

The xmlParseElementDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. This only impacts MsSql and SQLite adapters.

Doctrine Annotations allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

Doctrine Annotations allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

Doctrine uses mkdir($cacheDirectory ) to create caches directories. if your application runs with a umask of

Doctrine uses mkdir($cacheDirectory ) to create caches directories. if your application runs with a umask of

Doctrine uses mkdir($cacheDirectory ) to create caches directories. if your application runs with a umask of

Doctrine uses mkdir($cacheDirectory ) to create caches directories. if your application runs with a umask of

There's an improper default directory umask that can potentially allow unauthorized modifications of PHP code.

Doctrine Annotations allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

The permission masks is not properly set when creating a new directory or file. This can lead to local arbitrary code execution or privilege escalation. Such attacks typically require direct access to a user of the system to exploit, but are dangerous vectors when available.

The permission masks is not properly set when creating a new directory or file. This can lead to local arbitrary code execution or privilege escalation. Such attacks typically require direct access to a user of the system to exploit, but are dangerous vectors when available.

The permission masks is not properly set when creating a new directory or file. This can lead to local arbitrary code execution or privilege escalation. Such attacks typically require direct access to a user of the system to exploit, but are dangerous vectors when available.

The permission masks is not properly set when creating a new directory or file. This can lead to local arbitrary code execution or privilege escalation. Such attacks typically require direct access to a user of the system to exploit, but are dangerous vectors when available.

www/logout.php and modules/core/www/no_cookie.php are not checking the URLs obtained via the HTTP request before displaying them as the target of links that the user may click on. It allows attackers to display links targeting a malicious website inside a trusted site running SimpleSAMLphp, due to the lack of security checks involving the link_href and retryURL HTTP parameters, respectively.

nokogiri mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

When an authentication form is submitted by the user and if the user does not exist, the submitted username is stored in the session. If an attacker submit multiple requests with large usernames, he can potentially fill up the session storage.

When an authentication form is submitted by the user and if the user does not exist, the submitted username is stored in the session. If an attacker submit multiple requests with large usernames, he can potentially fill up the session storage.

Apache PDFBox does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.

The nextBytes function in the SecureRandom class does not properly generate random numbers when used with PHP without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.

The nextBytes function in the SecureRandom class does not properly generate random numbers when used with PHP without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.

The nextBytes function in the SecureRandom class in Symfony does not properly generate random numbers when used with PHP without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.

A lowercasing logic is used on the attribute names. Because of this, boolean attributes whose names are not all lowercase cause infinite recursion, and will exceed the stack call limit.

Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on …

Missing Access Check in TYPO3 CMS.

There's a potential Cross Site Scripting vulnerability in the Model#Escape function if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as &#60; to <.

Moodle does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.

The save_submission function in mod/assign/externallib.php in Moodle allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.

Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL.

Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.

A security vulnerability in the software mediaelement.js allows to execute arbitrary Javascript code.

Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by jsinitfunctio%gn."

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service via a crafted XML document.

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allow remote attackers to cause a denial of service via a crafted XML document.

The htmlCurrentChar function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

The xmlPArserPrintFileContextInternal function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

The xmlDictAddString function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

safemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

Heap-based buffer overflow in the xmlStrncat function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

Jenkins allows remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name".

Jenkins allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permission check.

Jenkins allows remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.

The xmlStringGetNodeList function in tree.c in libxml2, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

A XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.

Due to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.

LoginForm calls disableSecurityToken(), which causes a "shared host domain" vulnerability.

savetreenode action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.

Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.

The jv_dump_term function in jq allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jg _rc1-r0.

There's a flaw in the way that node.js handles the rejectUnauthorized setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client passes in an object for settings that includes the rejectUnauthorized property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as null, resulting in certificate verification being turned …

XSLTResult in Apache Struts allows remote attackers to execute arbitrary code via the stylesheet location parameter.

csrf-lite uses ===, a fail first string comparison, instead of a time constant string comparison. This enables an attacker being able to calculate minuscule differences in CSRF tokens, essentially enabling them to guess the token one character at a time Each check increases the variable tempCheck by one. If a malicious user is able to see what tempCheck is at each run (how long it takes to do a check), …

electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. - The –string-ssl command line option defaults to false if not explicitly set to true This could allow an attacker to Man In The Middle (MITM) the step where electron-packager does the following step: "Download all supported target platforms and arches of Electron using the installed electron-prebuilt version (and cache the …

A vulnerability that allows attackers to gain information about private site content.

A missing webdav security declaration would allow unauthorized webdav access.

A malicious user could go to your application and send a request for GET /User?distinct=password and get all the passwords for all the users in the database, despite the field being set to private. This could also be used for other private data if the malicious user knew what was set as private for specific routes.

A user who can create or edit templates can bypass Restricted Python.

Due to the way that marked parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (sanitize: true) to inject a javascript: URL. This flaw exists because &#xNNanything; gets parsed to what it could and leaves the rest behind, resulting in just anything; being left.

The primary npm registry has, since late, used HTTP bearer tokens to authenticate requests from the npm command-line interface. Due to a design flaw in the CLI, these bearer tokens were sent with every request made by the CLI for logged-in users, regardless of the destination of the request. They should instead only be included for requests made against the registry or registries used for the current install. This flaw …

A malicious user could bypass the authentication and execute any command that the user who is running the console-io application is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive …

Integer underflow in the png_check_keyword function in pngwutil.c in libpng allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

Specifically crafted long headers or uris can cause a minor denial of service.

There are several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. Moreover, there's a potential security issue in the usage of the openssl_random_pseudo_bytes() function in Zend_Crypt_Math::randBytes, reported in PHP BUG #70014, and the security implications reported in a discussion on the random_compat library.

Potential Insufficient Entropy Vulnerability in ZF1.

Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.

The diffie_hellman_sha256 function in kex.c in libssh2 improperly truncates secrets to bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks.

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow and Python Imaging Library (PIL) allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c allows remote attackers to overwrite memory via a crafted TIFF file.

Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c allows remote attackers to cause a denial of service (crash) via a crafted FLI file.

Drupal might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

Drupal might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

The User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.

The User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.

The System module in Drupal might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content.

The System module in Drupal might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content.

Drupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation.

Drupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a error page, related to path manipulation.

Open redirect vulnerability in the drupal_goto function in Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the destination parameter.

Open redirect vulnerability in the drupal_goto function in Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the destination parameter.

The have you forgotten your password links in the User module in Drupal allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.

The have you forgotten your password links in the User module in Drupal allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.

Arbitrary File Disclosure in Form Component.

Privilege Escalation in TYPO3 CMS.

Authentication Bypass in TYPO3 CMS.

The Form API in Drupal ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has #access set to FALSE in the server-side form definition.

The Form API in Drupal ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has #access set to FALSE in the server-side form definition.

Salt does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.

The File module in Drupal allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.

The File module in Drupal allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.

CRLF injection vulnerability in the drupal_set_header function in Drupal allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.

CRLF injection vulnerability in the drupal_set_header function in Drupal allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.

Cross-Site Scripting in TYPO3 Backend.

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE, as used in Apache Struts, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in an url-encoded parameter.

The XML-RPC system in Drupal might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.

The XML-RPC system in Drupal might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. in a ZIP archive entry.

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.

The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.

Cross-site scripting (XSS) vulnerability in Apache Jetspeed allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.

A Cross-site scripting (XSS) vulnerability in Apache OpenMeetings allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.

In each major version of Django since, the default number of iterations for the PBKDF2PasswordHasher and its subclasses has increased. This improves the security of the password as the speed of hardware increases, however, it also creates a timing difference between a login request for a user with a password encoded in an older number of iterations and login request for a nonexistent user (which runs the default hasher's default …

When using the PouchDB driver in the module, an attacker can execute arbitrary commands via the collection name.

Django relies on user input in some cases (e.g. django.contrib.auth.views.login() and i18n) to redirect the user to an "on success" URL. The security check for these redirects (namely django.utils.http.is_safe_url()) considered some URLs with basic authentication credentials "safe" when they shouldn't be. For example, a URL like http://mysite.example.com@attacker.com would be considered safe if the request's host is http://mysite.example.com, but redirecting to this URL sends the user to attacker.com. Also, if a …

SPIP allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

Applications that pass unverified user input to the render method in a controller or a view may be vulnerable to a code injection. An attacker could use the request parameters to coerce the controller to execute arbitrary ruby code.

Applications that pass unverified user input to the render method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: def index; render params[:id]; end. Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.

Applications that pass unverified user input to the render method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: def index; render params[:id]; end Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.

Directory traversal vulnerability in Action View in Ruby on Rails before allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. in a pathname.

Jenkins does not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

Jenkins does not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.

The Rails gem allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

BeanShell when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Administrate::ApplicationController actions don't have CSRF protection. Remote attackers can hijack user's sessions and use any functionality that administrate exposes on their behalf.

If JsRender is used with server-delivered client-side templates that dynamically embed end-user input, then it is possible for a malicious user to execute arbitrary client-side code via use of a very specific expression.

Droppy does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others.

The airbrake module defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.

restafary is able to set up a root path, which should only allow it to run inside of that root path it specified. An attacker is able to provide a specifically crafted path to access files outside of this specified root path.

sanitize-html is vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability.

The xmlNextChar function in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

The package encryptor encrypts all messages using the same key/nonce. This not only exposes the XOR of the plaintexts if you XOR together two ciphertexts, but it also leaks the AES-GCM authentication key, allowing an attacker to forge messages and potentially perform chosen ciphertext attacks, which could potentially enable full plaintext recovery.

The compile_branch function in pcre_compile.c in PCRE and pcre2_compile.c in PCRE2 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

random_compat u ses insecure CSPRNG (openssl_random_pseudo_bytes()).

A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.

uri-js is a module that tries to fully implement RFC One of these features is validating whether a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regular expression is vulnerable to redos. This causes the program to hang and the CPU to idle at % usage while uri-js is trying to validate if the supplied URL is valid or not.

The checkHTTP function in libraries/Config.class.php in phpMyAdmin does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.

A Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.

Using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers.

The buildDefaults method on DevelopmentAdmin is missing a permission check. In live mode, if you access /dev/build, you are requested to login first. However, if you access /dev/build/defaults, then the action is performed without any login check. This should be protected in the same way that /dev/build is. The buildDefaults view is requireDefaultRecords() on each DataObject class, and hence has the potential to modify database state. It also lists all …

In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant. Even with this restriction in place, SilverStripe trusts a variety of HTTP headers due to different proxy notations (e.g. X-Forwarded-For vs. Client-IP). Unless a proxy explicitly unsets invalid HTTP …

GridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS.

Denial of Service attack possibility in TYPO3 component Indexed Search.

It is possible to block the event loop when specially crafted user input is allowed into a validator using the utc-millisec format.

XML External Entity (XXE) Processing in TYPO3 Core.

Cross-Site Scripting in TYPO3 component Backend.

Cross-Site Scripting in TYPO3 component CSS styled content.

The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.

Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted search string.

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.

libraries/common.inc.php in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.

SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers

'Missing security check on dev/build/defaults.

CSRF vulnerability in GridFieldAddExistingAutocompleter.

SQL Injection in dbal.

The Rails gem allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. in a pathname.

The Rails gem supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.

Cross-Site Scripting in form component.

Cross-Site Scripting in link validator component.

Cross-Site Scripting in legacy form component.

Due to the way that Rails::Html::FullSanitizer is implemented, if an attacker passes an already escaped HTML entity to the input of Action View's strip_tags these entities will be unescaped what may cause a XSS attack if used in combination with raw or html_safe.

Carefully crafted strings can cause user input to bypass the sanitization in the white list sanitizer which can lead to an XSS attack.

Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell you application is vulnerable to this attack by looking for http_basic_authenticate_with method calls in your application.

Certain attributes are not removed from tags when they are sanitized, and these attributes can lead to an XSS attack on target applications.

A carefully crafted Accept header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack.

Code that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacted by this issue as they are encouraged to allow parameters and must specifically opt-out of input verification using the permit! method …

Applications that pass unverified user input to the render method in a controller may be vulnerable to an information leak vulnerability. Carefully crafted requests can render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.

Applications that pass unverified user input to the render method in a controller may be vulnerable to an information leak vulnerability. Carefully crafted requests can render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.

Users that have a route that contains the string :controller are susceptible to objects being leaked globally which can lead to unbounded memory growth. To identify if your application is vulnerable, look for routes that contain :controller.

When using the nested attributes feature in Active Record you can prevent the destruction of associated records by passing the allow_destroy: false option to the accepts_nested_attributes_for method. The allow_destroy flag prevents the :reject_if proc from being called because it assumes that the record will be destroyed anyway. However, this is not true if :allow_destroy is false so this leads to changes that would have been rejected being applied to the …

This package vulnerable to Arbitrary Script Injection because the shell=True flag which enables subshells in the workspace.run() method.

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

composer is vulnerable to Cache Injection.

If a ModelAdmin uses save_as=True (not the default), the admin provides an option when editing objects to "Save as new". A regression prevented that form submission from raising a "Permission Denied" error for users without the "add" permission.

The filesystem storage backend in Radicale on Windows allows remote attackers to read or write to arbitrary files via a crafted path.

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.

When attempting to allow authentication mode try in hapi, Hapi introduced an issue whereby people can bypass authentication.

A REST API endpoint that is used for development was not disabled in production environments, a malicious user can use it to fill up the server and cause a Denial of Service or content injection.

The sync-exec module is used to simulate child_process.execSync in node Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists.

Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body.

Devise uses cookies to implement a remember-me functionality. However, it generates the same cookie for all devices. If an attacker manages to steal a remember-me cookie and the user does not change the password frequently, the cookie can be used to gain access to the application indefinitely. The bug can only be exploited if the attacker can steal cookies in the first place.

Specifically crafted MQTT packets can crash the application, making a DoS attack feasible with very little bandwidth.

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM allow remote authenticated users to inject arbitrary web script or HTML via the parameters to htdocs/user/card.php.

An attacker can fake signatures for any public key with low exponent.

Mapbox.js is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios.

If you use L.mapbox.map and L.mapbox.shareControl, it is possible for a malicious user with control over the TileJSON content to inject script content into the name value of the TileJSON. After clicking on the share control, the malicious code will execute in the context of the page using Mapbox.js.

An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which is invoked by ImageFormatter from options.

It is possible in some cases, for clients to overwrite headers set by the server, resulting in a medium level security issue. Passenger 5 uses an SCGI-inspired format to pass headers to Ruby/Python applications, while Passenger 4 uses an SCGI-inspired format to pass headers to all applications. This implies a conversion to UPPER_CASE_WITH_UNDERSCORES whereby the difference between characters like '-' and '_' is lost. See "Affected use-cases" in provided link …

The gem contains a flaw that is triggered when handling the params[:default_class_name] option. This allows users to search any object of all given ActiveRecord classes.

The gem contains a flaw that is triggered when handling the params[:default_class_name] option. This allows users to search any object of all given ActiveRecord classes.

The contents of the image_path, colors, and depth variables generated from possibly user-supplied input are passed directly to the shell. If a user supplies a value that includes shell metacharacters such as ';', an attacker may be able to execute shell commands on the remote system as the user id of the Ruby process.

jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in. "The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression to enter …

jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator. "The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a …

When given a number instead of a string, the ping function sends a non zeroed buffer of the corresponding length which exposes memory to the recipient.

A security issue was found in bittorrent-dht that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory.

Keys of objects are not escaped with mysql.escape() which could lead to SQL Injection.

When server level, connection level or route level CORS configurations are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins *).

Certain input strings when passed to new Date() or Date.parse() will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.

Decamelize uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack.

Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP error back to the sender, hapi will continue to hold the socket open until timed out (default node timeout is 2 minutes).

When using rack-attack with a RoR app, developers expect the request path to be normalized. In particular, trailing slashes are stripped so a request path /login/ becomes /login by the time you're in ActionController. Since Rack::Attack runs before ActionDispatch, the request path is not yet normalized. This can cause throttles and denylists to not work as expected.

Browser information is not filtered properly while saving the session values which leads to a Remote Code Execution vulnerability.

Multiple CRLF injection vulnerabilities allow attackers to inject arbitrary SMTP commands via CRLF sequences in an email address to the validateAddress function in class.phpmailer.php or SMTP command to the sendCommand function in class.smtp.php.

The vendored version of libxml2 is affected by multiple vulnerabilities.

Several vulnerabilities were discovered in the libxml2 library that this package gem depends on.

The xmlStringLenDecodeEntities function in parser.c in libxml2 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.

Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.

The xmlParseMisc function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

The xmlParseXMLDecl function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

The xmlNextChar function in libxml2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors.

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service.

All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme "javascript:".

Failing to properly encode editor input, the search result view of indexed_search is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.

TYPO3 is susceptible to Cross-Site Flashing.

Cross-Site Scripting in TYPO3 component Indexed Search.

Cross-Site Scripting vulnerability in typolinks.

Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend.

Multiple Cross-Site Scripting vulnerabilities in frontend.

The flashplayer misses to validate flash and image files. Therefore it is possible to embed flash videos from external domains.

Remote Code Execution Vulnerability

A vulnerability allows unauthorized disclosure of registered user information.

Denial Of Service attack vector in dompdf.

If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format. e.g. SECRET_KEY instead of j/m/Y.

Session fixation vulnerability in the Remember Me login feature in Symfony allows remote attackers to hijack web sessions via a session id.

Session fixation vulnerability in the Remember Me login feature in Symfony allows remote attackers to hijack web sessions via a session id.

Session fixation vulnerability in the Remember Me login feature in Symfony allows remote attackers to hijack web sessions via a session id.

Symfony allow remote attackers to have unspecified impact via a timing attack involving.

Symfony allows remote attackers to have unspecified impact via a timing attack.

Symfony allows remote attackers to have unspecified impact via a timing attack.

Symfony allow remote attackers to have unspecified impact via a timing attack.

Information Disclosure in dompdf.

Dompdf contains a Remote Code Execution vulnerability.

Due to a bug in the the default sign in functionality, incomplete email addresses could be matched. A correct password is still required to complete sign in.

The png_convert_to_rfc1123 function in png.c in libpng allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

A potential XML External Entity processing vulnerability has been discovered in the MediaTypeConverter.

Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload an attacker could gain access to the server itself, to an extent mainly limited by the server setup.

SavedJobData and SavedJobMessages contain php serialized data. There's no point showing these to a CMS Admin as they're not human readable. Worse, it might be insecure, as a malicious CMS Admin might be able to craft a payload thats dangerous to unserialize. This issue has been resolved by hiding this content, even from administrators.

Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal array_rand() function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as openssl_pseudo_random_bytes(). This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.

Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal array_rand() function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as openssl_pseudo_random_bytes(). This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.

Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal array_rand() function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as openssl_pseudo_random_bytes(). This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.

Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word.

Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word.

Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word.

Arbitrary file upload and XML External Entity processing.

XSS vulnerabilities in Neos.

There's a flaw that allows arbitrary file uploads, including server-side scripts, posing the risk of attacks.

By default, the CMS Admin editable template for the NotifyUsers action has access to a large number of fields, including (for instance) Member#Password. This would allow a malicious CMS Admin to extract other admin passwords by adding a template emailing these fields to themselves when other admins trigger the workflow. A new configuration option has been added; when this option is set to true via the Config API then only …

Parsing an unclosed comment can result in Conditional jump or move depends on uninitialised value(s) and unsafe memory access.

The xz_decomp function in xzlib.c in libxml2 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.

A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the NumericField and DropdownField have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.

The vendored libxml2 and libxslt libraries have multiple vulnerabilities: CVE-2015-1819 CVE-2015-7941_1 CVE-2015-7941_2 CVE-2015-7942 CVE-2015-7942-2 CVE-2015-8035 CVE-2015-7995

"Add from URL" does not clearly sanitize URL server side in HtmlEditorField_Toolbar. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.

HtmlEditor improper URL sanitisation.

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

Form field validation message XSS vulnerability.

Unsafe view template filenames result in a Remote File Inclusion vulnerability.

Remote File Inclusion through View template name manipulation.

There's an XSS attack vector in Security Library method xss_clean().

XSS attack vector in Security Library method xss_clean().

gm is vulnerable to command injection when user input is passed into the arguments of the gm.compare function. The compare() function fails to sanitize meta characters correctly before calling the graphics magic binary.

ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in which can lead to long processing time that make the application unresponsive.

bleach is vulnerable to regular expression denial of service (ReDoS) when certain types of input is passed into the sanitize function. This can lead to long processing time, hanging the process while they occur.

Secure-compare does not actually compare two strings properly. compare actually compares the first argument with itself, meaning the check passes for any two strings of the same length.

If you use L.mapbox.map or L.mapbox.tileLayer to load untrusted TileJSON content from a non-Mapbox URL, it is possible for a malicious user with control over the TileJSON content to inject script content into the attribution value of the TileJSON which will be executed in the context of the page using Mapbox.js.

Mapbox.js is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios.

Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter.

Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI.

Hapi implement CORS incorrectly and allowes for configurations that at best return inconsistent headers and at worst allow cross-origin activities that are expected to be forbidden.

There are multiple CSRF (cross-site request forgery) vulnerabilities in the ZMI (Zope Management Interface).

A vulnerability allows attackers to gain read access to arbitrary files on the system.

The library does not properly escape attribute values making XSS exploits possible.

The library does not properly escape attribute values making XSS exploits possible.

It's possible to cause a DoS by uploading files with a spoofed media type, because it causes megabytes of logging to be written.

A maliciously forged file opened for editing can execute javascript, specifically by being redirected to /files/ due to a failure to treat the file as plain text.

This library is vulnerable to LDAP injection through the "username" parameter.

Shis package are vulnerable to Open Redirect attacks. When a colon is present in the URL path, the urljoin method ignores the upstream request and redirects it to a path cntrolled by an attacker, possibly causing content injection.

A maliciously forged file opened for editing can execute javascript, specifically by being redirected to /files/ due to a failure to treat the file as plain text.

It has been discovered, that it is possible to forge a link to a backend module, which contains a JavaScript payload. This JavaScript is executed, if an authenticated editor with access to the module follows the link that, is tricked to click on a certain HTML target. Because TYPO3 include a secret token unknown to an attacker in every URL, an exploit would not be feasible for these versions.

Potential SQL injection vector using null byte for PDO (MsSql, SQLite).

A member with the permission EDIT_PERMISSIONS is able to re-assign themselves (or another member) to ADMIN level.

XSS in dev/build returnURL Parameter.

XSS in install.php.

Forum Module CSRF Vulnerability.

By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged in user’s session. This means that the malicious hacker can change the logged in user’s password and invalidate the session of the victim while the hacker maintains access.

By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged in user’s session. This means that the malicious hacker can change the logged in user’s password and invalidate the session of the victim while the hacker maintains access.

By exploiting a Cross-site scripting vulnerability, an attacker can hijack a user's session. This means that the malicious hacker can change the user's password and invalidate the session of the victim while the hacker maintains access.

By exploiting a Cross-site scripting vulnerability the attacker can hijack a user session. This means that the malicious hacker can change a user's password and invalidate the session of the victim.

By exploiting a Cross-site scripting vulnerability the attacker can hijack a user's session. This means that the malicious hacker can change the user's password and invalidate the session of the victim while the hacker maintains access.

It has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation.

Frontend: Unauthenticated Path Disclosure.

Static file serving allows directory traversal with a URI encoded path.

File upload exposure on UserForms module.

The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is not predictable, certain actions taken by CMS authors could expose it. For example, submission notification emails contain a link to the file without …

There's a flow that allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. This only apply when running under PHP-FPM in a threaded environment.

There's a flow that allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. This only apply when running under PHP-FPM in a threaded environment.

The Zend_Xml_Security::scan in ZendXml and Zend Framework, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.

RubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.

There's a vulnerability which allows a specially crafted Javascript file to have altered functionality after minification. This bug was demonstrated to allow potentially malicious code to be hidden within secure code, activated by minification. Affected versions erroneously minify boolean expressions.

There's a vulnerability which allows a specially crafted Javascript file to have altered functionality after minification. This bug was demonstrated to allow potentially malicious code to be hidden within secure code, activated by minification. Affected versions erroneously minify boolean expressions.

If you create a new folder in the iPython file browser and set Javascript code as its name the code injected will be executed. So, if I create a folder called "> and then I access to it, the cookies will be prompted.

If you create a new folder in the iPython file browser and set Javascript code as its name the code injected will be executed. So, if I create a folder called "> and then I access to it, the cookies will be prompted.

A session can be created when anonymously accessing the django.contrib.auth.views.logout view (provided it wasn't decorated with django.contrib.auth.decorators.login_required as done in the admin). This allows an attacker to easily create many new session records by sending repeated requests, potentially filling up the session store or causing other users' session records to be evicted.

The Bolt CMS does not allow the upload or editing of PHP files in its admin area, which should prevent code execution once an attacker gained admin credentials. However, when uploading, the actual file type is not checked. The theme editor allows for the renaming of uploaded files, and it does not check the file extension or file type when doing so. Because of this, an attacker can gain code …

Several vulnerabilities were discovered in the libxml2 and libxslt libraries that this package gem depends on.

The MethodClosure class in runtime/MethodClosure.java in this package allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

Your application is affected if you allow end users to submit Twig templates, even if you protected this template with Twig's sandbox mode. End users can craft valid Twig code that allows them to execute arbitrary code (RCEs) via the _self variable, which is always available, even in sandboxed templates.

Ansible fails to adequately validate HTTPS certificates when using the get_url and uri modules, and when using the url and etcd lookup plugins. This allows for man-in-the-middle attacks on those connections.

Remote code execution in templates.

A number of form actions in the Forum module are directly accessible. A malicious user (e.g. spammer) can use GET requests to create Members and post to forums, bypassing CSRF and anti-spam measures. Additionally, a forum moderator could be tricked into clicking a specially crafted URL, resulting in a topic being moved.

Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. If your authorization depends on the presence of the prefix routing key you should upgrade as soon as possible.

There's a flow in Validation::compare() and Validation::range() that makes possible to pass validation criteria using crafted data.

Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. If your authorization depends on the presence of the prefix routing key you should upgrade as soon as possible.

State guessing vulnerability.

State is not pulled of the session, and can be guessed later.

When a Hash containing user-controlled data is encoded as JSON (either through Hash#to_json or ActiveSupport::JSON.encode), Rails does not perform adequate escaping that matches the guarantee implied by the escape_html_entities_in_json option (which is enabled by default). If this resulting JSON string is subsequently inserted directly into an HTML page, the page will be vulnerable to XSS attacks.

Critical SQL injection bug in the ODBC database driver.

Carefully crafted requests can cause a SystemStackError and potentially cause a denial of service attack.

Specially crafted XML documents can cause applications to raise a SystemStackError and potentially cause a denial of service attack. This nonly impacts applications using REXML or JDOM as their XML processor. Other XML processors that Rails supports are not impacted.

Specially crafted remote requests can spoof their origin, bypassing the IP allowlist, in any environment where Web Console is enabled (development and test, by default).To work around this issue, turn off web-console in all environments, by removing/commenting it from the application's Gemfile.

In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to https://attacker.com (note the leading space) that will be passed to JQuery, who will see this as a same origin request, and send the user's CSRF token to the attacker …

Insecure state generation.

The default exclude patterns (excludeParams) in this package allow remote attackers to "compromise internal state of an application" via unspecified vectors.

The package redcarpet contains a flaw that allows a stack overflow. This flaw exists because the header_anchor() function in html.c uses variable length arrays (VLA) without any range checking. This may allow a remote attacker to execute arbitrary code.

Some built-in validators (django.core.validators.EmailValidator, most seriously) don't prohibit newline characters (due to the usage of $ instead of \Z in the regular expressions). If you use values with newlines in HTTP response or email headers, you can suffer from header injection attacks.

django.core.validators.URLValidator includes a regular expression that was extremely slow to evaluate against certain inputs.

The session backends created a new empty record in the session storage anytime request.session was accessed and there was a session key provided in the request cookies that didn't already have a session record. This could allow an attacker to easily create many new session records simply by sending repeated requests with unknown session keys, potentially filling up the session store or causing other users' session records to be evicted.

Class yii\web\ViewAction allowed to include arbitrary files that end with .php.

Class yii\web\ViewAction allowed to include arbitrary files that end with .php.

There is an issue where if an HTML file is uploaded with a .html extension, but the content type is listed as being image/jpeg, this will bypass a validation checking for images. But it will also pass the spoof check, because a file named .html and containing actual HTML passes the spoof check.

Forced Redirect to External Website.

Forced Redirect to External Website.

random_compat uses openssl_random_pseudo_bytes() but this Cryptographically Secure Pseudorandom Number Generator (CSPRNG) is insecure.

Sidekiq::Web lacks CSRF protection

This is a malicious package. You may want to install sidekiq.

Frontend login Session Fixation.

Information Disclosure possibility exploitable by Editors.

Brute Force Protection Bypass in backend login.

Access bypass when editing file metadata.

Cross-Site Scripting exploitable by Editors.

Cross-Site Scripting in 3rd party library Flowplayer.

The gem is vulnerable to external entity expansion attacks.

Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the Symfony\Component\HttpKernel\HttpCache class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.

Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the Symfony\Component\HttpKernel\HttpCache class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.

RubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the nhref or action to " https://attacker.com" (note the leading space) that will be passed to JQuery, who will see this as a same origin request, and send the user's CSRF token to the …

A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object.

The package sidekiq is vulnerable to XSS via queue name in Sidekiq::Web.

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in this package allow remote attackers to read arbitrary files via an external entity in an invalid XML String or GenericFile object in an XPath query.

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in this package allows remote attackers to read arbitrary files via an external entity in an SAXSource.

FragmentListener in the HttpKernel component in Symfony, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.

FragmentListener in the HttpKernel component in Symfony, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.

This package is vulnerable to Information Exposure through the DualField and HashField columns which are insecure.

X-Forwarded-Host request hostname injection.

Denial of Service attack through XML payloads

Vulnerability on isDev, isTest and flush $_GET validation.

External redirection risk in Security?ReturnURL.

Potential SQL Injection Vulnerability in silverstripe.

The tab switching cookie is not properly escaped.

Libcontainer and Docker Engine opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.

Potential CRLF injection attacks in mail and HTTP headers.

Exploit in the private channel authentication.

This package is vulnerable to Cross-Site Scripting (XSS) attacks

Cross-site scripting (XSS) vulnerability in Yii Framework allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6

Cross-site scripting (XSS) vulnerability in Yii Framework allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6

Cross-site scripting (XSS) vulnerability in Yii Framework allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6

Cross-site scripting (XSS) vulnerability in Yii Framework allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6

Cross-site scripting (XSS) vulnerability in Yii Framework allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6

It's possible for an attacker to circumvent authentication by crafting special socket ID.

Incorrect CSRF validation in cakephp.

Potential CRLF injection attacks in mail and HTTP headers.

Potential CRLF injection attacks in mail and HTTP headers.

This is a malicious package. You may want to install sidekiq.

The gem is vulnerable to XPath injection on xml_security.rb. The lack of prepared statements allows for command injection, leading to arbitrary code execution.

REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information.

XSS via job arguments display class in Sidekiq::Web (web/views/queue.erb).

The package refile contains a flaw that is triggered when input is not sanitized when handling the remote_image_url field in a form, where image is the name of the attachment. This may allow a remote attacker to execute arbitrary shell commands.

User authentication bypass.