This package contains a flaw that is triggered when handling a root element in an XML document. This may allow a remote attacker to cause a consumption of memory resources.
Apache Commons BeanUtils does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts
This package does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts
This package does not properly restrict access to the getClass method, which allows remote attackers to manipulate the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
Forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent's tampering protection.
This package contains a flaw that is due to the API client code passing the API_KEY to a curl command. This may allow a local attacker to gain access to API key information by monitoring the process table.
CookieInterceptor in this package, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
An arbitrary file read vulnerability is present in the dompdf.php file that allows remote or local attackers to read local files using a specially crafted argument. This vulnerability requires the configuration flag DOMPDF_ENABLE_PHP to be enabled (it is disabled by default). Using PHP protocols and wrappers it is possible to bypass dompdf's "chroot" protection (DOMPDF_CHROOT), which prevents dompdf from accessing system files or other files on the webserver. Please note …
Pillow might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.
Authentication adapter did not verify validity of tokens.
An attacker can import Java classes to circumvent the security protections and execute arbitrary code outside the sandboxed environment.
There is a flaw in the json() function in bottle.py. The issue is due to the program using insufficient restrictions when parsing JSON content-types. This may allow a remote attacker to bypass access restrictions.
Django incorrectly handles dotted Python paths when using the django.core.urlresolvers.reverse function. An attacker can use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution.
The gem contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands.
When using a MySQL database, Django does not perform explicit type conversion for the FilePathField, GenericIPAddressField and IPAddressField fields. If a query is performed without first converting values to the appropriate type, this can produce unexpected results, similar to what would occur if the query itself had been manipulated. An attacker can possibly use this issue to obtain unexpected results.
Django incorrectly caches certain pages that contain CSRF cookies. An attacker can possibly use this flaw to obtain a valid cookie and perform attacks which bypass the CSRF restrictions.
npm allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.
A malicious user who creates /tmp/browser.html first and repeatedly writes to it can inject malicious HTML into the file right before it is about to be opened.
This package does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
The rbovirt gem uses rest-client with SSL verification disabled. Any products making use of this gem are likely vulnerable to MITM attacks.
In JpegImagePlugin.py, the load_jpeg(self) method generates a temporary file name and sends it to an external process. It is possible to alter the target file before it is read since the command line arguments are not kept secret.
In JpegImagePlugin.py, the load_jpeg(self) method makes an unsafe call to tempfile.mktemp(). It is possible to alter the temporary file between the moment the file is generated and the moment it is used.
Authentication cookie hijacking vulnerability in auth.
Authentication cookie hijacking vulnerability.
By doing repeated requests, with sufficient load on the target system, an authenticated user may in certain situations assume another authenticated user's complete identity and multi-tenant authorizations, potentially resulting in a privilege escalation. Note that it is related to a bad interaction between eventlet and python-memcached that should be avoided if the calling process already monkey-patches "thread" to use eventlet. Only keystone middleware setups using auth_token with memcache are vulnerable.
The default configuration of the Resources plugin does not properly restrict access to files in the WEB-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this identifier has been SPLIT due to different researchers and different vulnerability types. See CVE-2014-2857 for the META-INF variant and CVE-2014-2858 for the directory traversal.
Sauce Connect is vulnerable to the Heartbleed bug (CVE-2014-0160). A new version has been released to fix the bug. The sauce-connect-launcher package (up to included) downloads a vulnerable version of Sauce Connect.
There is a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the parse_inline() function in markdown.c does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Insufficient input validation allows for code injection and remote execution.
This package is vulnerable to Information Exposure. When an exception message occurs, it contains the full path of the project directory.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in jruby-sandbox.
MultipartStream.java in this package allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.