Advisories

OkHttp allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

nes has a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to cookie. Submitting an invalid cookie on the websocket upgrade request will cause the node process to error out.

An issue was discovered in Pagekit. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit.

Remote Code Execution Vulnerability in shopware.

The package ruby-saml is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced two elements at the same time (but past the scheme validator process since 1 of the element was inside the encrypted assertion).

The tar module allow for archives to contain symbolic links that will overwrite targets outside the expected path for extraction.

The send module discloses the root path.

Under certain circumstances, it’s possible to execute an unauthorized foreign code in Shopware.

uglify-js is vulnerable to regular expression denial of service (ReDoS) when certain types of input is passed into .parse(). A regular expression leading to a very long processing time can be used to make the program hang for a very long time.

ms is vulnerable to regular expression denial of service (ReDoS) when extremely long version strings are parsed.

Extbase in TYPO3 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.

The clientIp function in CakePHP allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.

TYPO3 is vulnerable to Cross-Site Scripting.

Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.

Doorkeeper failed to implement OAuth Token Revocation (RFC ) in the following ways: Public clients making valid, unauthenticated calls to revoke a token would not have their token revoked Requests were not properly authenticating the client credentials but were, instead, looking at the access token in a second location Because of 2, the requests were also not authorizing confidential clients' ability to revoke a given token. It should only revoke …

fury-adapter-swagger has a vulnerability that allows arbitrary file reads off the file system. This could be used to retrieve sensitive data, or cause a denial of service by reading /dev/zero.

In Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed.

In Moodle, text injection can occur in email headers, potentially leading to outbound spam.

In Moodle, glossary search displays entries without checking user permissions to view them.

There is incorrect sanitization of attributes in forums.

There is XSS in the assignment submission page.

A vulnerability in includes/classes/ia allows remote attackers to conduct PHP Object Injection attacks via crafted deserialized data in a salt cookie in a login request.

Remote Code Execution Vulnerability in shopware.

ecrire/exec/valider_xml.php in SPIP allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.

Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.

The SPIP template composer/compiler in SPIP allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with crafted user input.

PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments.

An SQL injection vulnerability exists in inc/lib/Control/Backend/posts.

system/libraries/Email.php in CodeIgniter allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.

Web2py is affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user to perform some unwanted actions. An attacker can trick a victim to disable the installed application just by sending a URL to victim.

An HTTP/2 implementation built using the priority library could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree.

This package does not consider URL path parameters when processing security constraints.Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.

windows-build-tools download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Remote Code Execution in third party library swiftmailer.

SQL injection vulnerability in register.php in GeniXCMS allows remote attackers to execute arbitrary SQL commands via the activation parameter.

openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

msystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.

limbus-buildgen download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

tomita

cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

poco downloads source file resources used for compliation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

/nipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.

headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

alto-saxophone download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

fis-parser-sass-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

jstestdriverdownloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

node-thulac downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server.

openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

herbivore download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

broccoli-closure downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

js-given downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data.

install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

unicode-json downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

grunt-ccompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

The patch for CVE-2016-10033 vulnerability added in PHPMailer sanitizes the $Sender variable by applying escapeshellarg() escaping before the value is passed to mail() function. It does not however take into account the clashing of the escapeshellarg() function with internal escaping with escapeshellcmd() performed by mail() function on the 5th parameter. As a result it is possible to inject an extra quote that does not get properly escaped and break out …

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a crafted e-mail address.

There's a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application.

The setFrom function in the Sendmail adapter in the zend-mail component might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " in a crafted e-mail address.

This advisory has been marked as a false positive.

Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

This package is vulnerable to Cross-Site Scripting (XSS). When a label is rendered, the contents of the label element were not escaped.

ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.

The ApplicationController is not protected against CSRF (Cross-Site Request Forgery).

A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.

A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.

Chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

macaca-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Unicode downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.

nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.

ibm_db downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

iedriver downloads binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

During the installation process, the go-ipfs-deps module insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.

bkjs-wand downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

operadriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

fuseki downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

apk-parser3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Kindlegen downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

baryton-saxophone downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

apk-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

embedza downloads JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.

pngcrush-installer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

geoip-lite-country downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

install-nw downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

product-monitor downloads JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.

This package is vulnerable to Cross-Site Scripting (XSS) attacks. The autoescaping method was disabled by default, allowing an attacker to alter database values.

Heap-based buffer overflow in PCRE and PCRE2 allows remote attackers to execute arbitrary code via a crafted regular expression.

PCRE, and PCRE2 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression.

An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation.

An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server.

An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user session, username, and password are not compromised by this vulnerability.

An issue was discovered in phpMyAdmin. A user can exploit the "LOAD LOCAL INFILE" functionality to expose files on the server to the database system.

An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user.

An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection.

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules.

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files.

An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp.

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout.

An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true.

An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true.

There is a directory traversal vulnerability that allows an attacker to read files outside the current directory by sending ../ in the url path for GET requests.

An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies.

An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10.

XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack.

An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing.

An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file.

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature.

An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension.

Bitty has a directory traversal vulnerability that is exploitable via the URL path in GET requests.

There's a directory traversal vulnerability that is exploitable via the URL path in GET requests.

The library downloads binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

The library downloads binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

The library downloads binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

The library downloads binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP allows remote attackers to inject arbitrary web script or HTML via the rac parameter.

In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.

Form fields returning isReadonly() as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeField_Readonly. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe …

Confirmation forms in Drupal make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

Modules wishing to restrict access to taxonomy terms may be incompatible with queries generated both by Drupal core as well as those generated by contributed modules like Entity Reference. As a result, information on taxonomy terms may be disclosed to unprivileged users.

Modules wishing to restrict access to taxonomy terms may be incompatible with queries generated both by Drupal core as well as those generated by contributed modules like Entity Reference. As a result, information on taxonomy terms may be disclosed to unprivileged users.

The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.

The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.

A specially crafted URL can cause a denial of service via the transliterate mechanism.

A specially crafted URL can cause a denial of service via the transliterate mechanism.

Stored Cross-Site-Scripting (XSS) is possible by including code outside of backticks in any ebook. This code will be executed on the online reader.

Path Traversal in TYPO3 Core.

Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.

Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.

Insecure Unserialize in TYPO3 Backend.

libxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

There's a PHP Object Injection vulnerability that can be triggered through the saveLayout() method defined into the /plugins/Dashboard/Controller.php script. Since Piwik is not using "utf8mb4" collations for its database, this can be exploited in combination with a MySQL UTF8 truncation issue in order to corrupt the session array, allowing unauthenticated attackers to inject arbitrary PHP objects into the application scope and carry out Server-Side Request Forgery (SSRF) attacks, delete arbitrary …

There's a Remote Code Execution vulnerability in the highlight function of Pygmentize.

Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

The library passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to cd and git clone commands in the library.

Git allows executing arbitrary shell commands using git-remote-ext via remote URLs. Normally git never requests URLs that the user does not specifically request, so this is not a serious security concern. However, submodules did allow the remote repository to specify what URL to clone from. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an …

The PersistedUsernamePasswordProvider is prone to a information disclosure of account existence based on timing attacks as the hashing of passwords is only done in case an account is found.

Time-Based Information Disclosure Vulnerability in Flow.

If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements.

Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements that will get executed and have full access to the database.

Sequelize defaults SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping. This leads to SQL injection.

Sequelize contains a potential SQL injection.

Gregwar is vulnerable to local file inclusion when including RST templates.

Local File Inclusion Vulnerability in rst.

In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped.

"algorithm" isn't enforced in jwt.decode() and a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.

Since algorithm isn't enforced in jwt.decode(), a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.

There exists a Java Object in this package that can be manipulated in such a way that when it is deserialized, it can write or copy files to disk in arbitrary locations. Furthermore, while the Object can be used alone, this new vector can be integrated with ysoserial to upload and execute binaries in a single deserialization call. This may or may not work depending on an application's implementation of …

Parsing a file with a malicious name leads to arbitrary OS command injection, this is especially risky when parsing user-supplied files on a server (e.g. uploaded files).

Sails has an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when allRoutes is set to true and origin is set to * …

Extension URIs (resource://…) bypass Content-Security-Policy in Chrome and Firefox and can always be loaded. Now if a site already has a XSS bug, and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacked can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.

Nunjucks has a cross site scripting (XSS) vulnerability in autoescape mode: all template vars should automatically be escaped. By using an array for the keys, it is possible to bypass autoescaping and inject content into the DOM.

By sending a Mb websocket message to a uws server instance, it is possible to crash the node process by exceeding V8's maximum string size.

If an attacker can trick an unsuspecting user into viewing a specially crafted plot on a site that uses plotly.js, then the attacker could potentially retrieve authentication tokens and perform actions on behalf of the user.

An arbitrary code injection vector was found via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.

Arbitrary code execution is possible through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the calc function.

The exception handling code in this package allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

PySAML2 is vulnerable to XML External Entity attacks (XEE attacks) via SAML XML requests.

Null reset codes are allowed through sentry.

Vulnerability to Response Wrapping attacks resulting in a malicious user gaining unauthorized access to a system.

The system.temporary route allows the download of a full config export. The full config export should be limited to those with "Export configuration" permission.

The system.temporary route allows the download of a full config export. The full config export should be limited to those with "Export configuration" permission.

Users who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.

Users who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.

Remote attackers could cause a denial of service (CPU and disk consumption) via a long URL.

The qstr method in the PDO driver in the ADOdb Library for PHP might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.

An attacker can create a specially crafted url, which can execute arbitrary code in the victim’s browser if loaded. Drupal is not properly sanitizing an exception.

An attacker can create a specially crafted url, which can execute arbitrary code in the victim’s browser if loaded. Drupal is not properly sanitizing an exception.

The library does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.

ImageMagick driver does not escape all shell arguments.

CRLF injection vulnerability in the Undertow web server allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Nokogiri is affected via its dependency libxml2. CVE-2016-4448: Format string vulnerability in libxml2 allows attackers to have unspecified impact via format string specifiers in unknown vectors. CVE-2016-4658: libxml2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. CVE-2016-5131: libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the …

xpointer.c in libxml2 (as used in Apple iOS, OS X, tvOS, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

This package is vulnerable to Open Redirect attacks.

This package allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.

Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability.

Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in …

The User module in Drupal allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

The User module in Drupal allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

The Views module in Drupal and the Views module might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.

The Views module in Drupal and the Views module might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.

The implementation of ORDER BY and GROUP BY in Zend_Db_Select is prone to SQL injection when a combination of SQL expressions and comments are used.

There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155.

RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.

There is a possible XSS vulnerability in Action View. Text declared as HTML safe will not have quotes escaped when used as attribute values in tag helpers.

There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers.

The Rails gem does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request.

There's a flaw in the DB schema where reset_password_code is NULL by default. If an attacker is able to provide a NULL reset code to the package, there are no guards against arbitrary anonymous password resets. In many cases, submitting a url-encoded null byte value (%00) will match what's in the database, passing the check and allowing the attacker to set the password to what they wish.

Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.

Critical vulnerabilities in JSON Web Token libraries.

Cookie-signature is vulnerable to timing attacks.

A cross site scripting (XSS) vulnerability was introduced due to a change from text to html functions in how JSON elements are rendered.

c3 contain a cross site scripting (XSS) vulnerability through improper html sanitization on rendered tooltips.

Specifically crafted MQTT packets can crash the application, making a DoS attack feasible with very little bandwidth.

Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings allows remote attackers to inject arbitrary web script or HTML via the swf parameter.

This package is vulnerable to Cross-Site Request Forgery (CSRF) attacks.

There's a cross site scripting (XSS) vulnerability in the url query string parameter.

List of key / value pairs assigned to OptionsetField or CheckboxSetField do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.

A cross-site scripting vulnerability in VersionedRequestFilter has been found. If an incoming user request should not be able to access the requested stage, an error message is created for display on the CMS login page that they are redirected to. In this error message, the URL of the requested page is interpolated into the error message without being escaped; hence, arbitrary HTML can be injected into the CMS login page.

If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users.

When a user changes their password, the internal salt used for hashing their password is not updated.

The SS_Report, and the reports CMS section only checks canView() when listing the reports that can be viewed by the current user. It does not (and should) perform canView checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.

The core template framework/templates/Includes/GridField_print.ss uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because Member->getName() just returns the raw FirstName + Surname as a string, which is injected directly.

After performing a password reset, ChangePasswordForm::doChangePassword() logs in the user without checking Member::canLogIn(). This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like Member::canLogIn() was originally designed to only be used for checking whether the user is locked out (due …

This module does not validate the KDC, which might allow an attacker with network access and enough time to spoof the KDC and impersonate a valid user without knowing their credentials.

rhq allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.

Sanitization of HTML strings is not applied recursively to input, allowing an attacker to potentially inject script and other markup.

ezseed-transmission downloads a script from http://stedolan.github.io/jq/download/linux64/jq without checking the certificate. An attacker on the same network or on an ISP level could intercept the traffic and push their own version of the file, causing the attackers code to be executed.

Cross-site scripting (XSS) vulnerability in Apache Archiva allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.

Since "algorithm" isn't enforced in jws.verify(), a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.

There's a critical SQL injection bug in the ODBC database driver.

By using a malicious server which returns script as the value of the Content-Type header, it is possible to execute arbitrary code using the demonstration capabilities of Swagger-UI.

Primary functions of emojione do not properly sanitize input and are thus vulnerable to cross site scripting (XSS). If you application passes user supplied input to these functions, it may be vulnerable to this attack.

There exists a cross site scripting (XSS) vulnerability in the Pillbox feature of FuelUX. By supplying a script as a value for a new pillbox, it is possible to cause arbitrary script execution.

Cross site scripting vulnerability in the drag and drop functionality for modifying tree data. A node that contains a standard XSS vector will have its payload execute when a user attempts to drag a node to a different position in the hierarchy.

There's a cross site scripting (XSS) issue when rendered inside a _block during client side rendering. Server side rendering is not affected and is properly escaped.

Use-after-free vulnerability in libxml2, as used in Google Chrome, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

Tough-cookie contain a vulnerable regular expression that, under certain conditions involving long strings of semicolons in the "Set-Cookie" header, causes the event loop to block for excessive amounts of time.

Swagger-ui contains a cross site scripting (XSS) vulnerability in the key names for the following object path in the JSON document: .definitions.{USER_DEFINED}.properties.{INJECTABLE_KEY_NAME}. Supplying a key name with script tags causes arbitrary code execution. In addition it is possible to load the arbitrary JSON files remotely via the URL query-string parameter.

jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Three functions exposed by the Gmail.js API (not the Google Gmail API) are vulnerable to DOM-based cross site scripting. The three functions are tools.parse_response, helper.get.visible_emails_post, and helper.get.email_data_post. Each one of these functions calls new Function() with user data passed as the argument.

Three functions exposed by the Gmail.js API (not the Google Gmail API) are vulnerable to DOM-based cross site scripting (DOMXSS). The three functions are tools.parse_response, helper.get.visible_emails_post, and helper.get.email_data_post. Each one of these functions calls new Function() with user data passed as the argument./n/nThis vulnerability is being disclosed before a public patched version is available because the issue was reported in a public Github issue.

Growl does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

The attribute usemap can be used as a security exploit.

Contains a cross site scripting vulnerability (XSS) via the itemTitle parameter. By supplying a malicious value for this parameter, it is possible to execute arbitrary code.

Swagger-UI contains a cross site scripting (XSS) vulnerability in the consumes and produces parameters of the swagger JSON document for a given API. A maliciously crafted swagger JSON doc can be loaded via the URL query-string parameter url.

SQL Injection in TYPO3 Frontend Login.

Information Disclosure in TYPO3 Backend.

Environment Variable Injection.

Insecure Unserialize in TYPO3 Import/Export.

Cross-Site Scripting in third party library mso/idna-convert.

Cross-Site Scripting in TYPO3 Backend.

Cross-Site Scripting vulnerability in typolinks.

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict: RFC (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY and HTTP_PROXY is a popular environment variable used to configure an outgoing proxy. This leads to a remotely exploitable vulnerability.

SequelizeJS is vulnerable to SQL injection via GeoJSON documents containing a value with a single quote. This vulnerability affects postresql/postgis as well as MySQL.

PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration …

PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration …

humbug_get_contents is affected by httpoxy, a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. If a vulnerable HTTP client makes an outgoing HTTP connection, while running in a server-side CGI application, an attacker may be able to: * Proxy the outgoing HTTP requests made by the web application * Direct the server to open outgoing connections to an address and port of their choosing * …

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. See provided link.

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. See provided link.

Cache Flooding in TYPO3 Frontend.

The implementation of ORDER BY and GROUP BY in Zend_Db_Select of ZF1 is vulnerable by the following SQL injection.

XSS in TYPO3 Backend.

This package do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

Unspecified vulnerability in libpng, as used in Android , allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug

call does not validate empty parameters, which could result in invalid input bypassing the route validation rules. For example, in the routing scheme /api/{param}/{param2}/details, a request made to /api/// would match incorrectly.

hapi does not validate empty parameters, which could result in invalid input bypassing the route validation rules. For example, in the routing scheme /api/{param}/{param2}/details, a request made to /api/// would match incorrectly.

ActionServlet.java in Apache Struts mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

The REST plugin in Apache Struts 2, allows remote attackers to execute arbitrary code via a crafted expression.

The URLValidator class in Apache Struts 2 allows remote attackers to cause a denial of service via a null value for a URL field.

The MultipartStream class in this package allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

The MultipartStream class in this package allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

js/get_scripts.js.php in phpMyAdmin allows remote attackers to cause a denial of service via a large array in the scripts parameter.

phpMyAdmin allows remote attackers to obtain sensitive information.

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.

JGroups does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors.

It is possible to crash the node process by sending an overly long websocket payload to a ws server.

The module does not properly escape ">" and "<" operator used for redirection in shell. Application escaping command-line args with this module might be vulnerable from malicious user input.

The primary function, minimatch(path, pattern) is vulnerable to ReDoS in the pattern parameter. This is because of the regular expression on line of minimatch.js: /((?:\{2}))(\?)|/g,. The problematic portion of the regex is ((?:\{2})) which matches against //.

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document.

The header for "Accept-Language", when parsed by negotiator is vulnerable to Regular Expression Denial of Service via a specially crafted string.

Node-cli insecurely uses user provided data in the name of it's lock file and log file. It allows the starting user to overwrite any file they have access to.

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

Format string vulnerability in libxml2 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

The xmlParseElementDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. This only impacts MsSql and SQLite adapters.

Doctrine Annotations allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

Doctrine Annotations allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

Doctrine uses mkdir($cacheDirectory ) to create caches directories. if your application runs with a umask of

Doctrine uses mkdir($cacheDirectory ) to create caches directories. if your application runs with a umask of

Doctrine uses mkdir($cacheDirectory ) to create caches directories. if your application runs with a umask of

Doctrine uses mkdir($cacheDirectory ) to create caches directories. if your application runs with a umask of

There's an improper default directory umask that can potentially allow unauthorized modifications of PHP code.

Doctrine Annotations allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

The permission masks is not properly set when creating a new directory or file. This can lead to local arbitrary code execution or privilege escalation. Such attacks typically require direct access to a user of the system to exploit, but are dangerous vectors when available.

The permission masks is not properly set when creating a new directory or file. This can lead to local arbitrary code execution or privilege escalation. Such attacks typically require direct access to a user of the system to exploit, but are dangerous vectors when available.

The permission masks is not properly set when creating a new directory or file. This can lead to local arbitrary code execution or privilege escalation. Such attacks typically require direct access to a user of the system to exploit, but are dangerous vectors when available.

The permission masks is not properly set when creating a new directory or file. This can lead to local arbitrary code execution or privilege escalation. Such attacks typically require direct access to a user of the system to exploit, but are dangerous vectors when available.

www/logout.php and modules/core/www/no_cookie.php are not checking the URLs obtained via the HTTP request before displaying them as the target of links that the user may click on. It allows attackers to display links targeting a malicious website inside a trusted site running SimpleSAMLphp, due to the lack of security checks involving the link_href and retryURL HTTP parameters, respectively.

nokogiri mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

When an authentication form is submitted by the user and if the user does not exist, the submitted username is stored in the session. If an attacker submit multiple requests with large usernames, he can potentially fill up the session storage.

When an authentication form is submitted by the user and if the user does not exist, the submitted username is stored in the session. If an attacker submit multiple requests with large usernames, he can potentially fill up the session storage.

Apache PDFBox does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.

The nextBytes function in the SecureRandom class does not properly generate random numbers when used with PHP without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.

The nextBytes function in the SecureRandom class does not properly generate random numbers when used with PHP without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.

The nextBytes function in the SecureRandom class in Symfony does not properly generate random numbers when used with PHP without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.

A lowercasing logic is used on the attribute names. Because of this, boolean attributes whose names are not all lowercase cause infinite recursion, and will exceed the stack call limit.

Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on …

Missing Access Check in TYPO3 CMS.

There's a potential Cross Site Scripting vulnerability in the Model#Escape function if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as &#60; to <.

Moodle does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.

The save_submission function in mod/assign/externallib.php in Moodle allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.

Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL.

Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.

A security vulnerability in the software mediaelement.js allows to execute arbitrary Javascript code.

Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by jsinitfunctio%gn."

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service via a crafted XML document.

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allow remote attackers to cause a denial of service via a crafted XML document.

The htmlCurrentChar function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

The xmlPArserPrintFileContextInternal function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

The xmlDictAddString function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

safemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

Heap-based buffer overflow in the xmlStrncat function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

Jenkins allows remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name".

Jenkins allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permission check.

Jenkins allows remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.

The xmlStringGetNodeList function in tree.c in libxml2, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

A XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.

Due to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.

LoginForm calls disableSecurityToken(), which causes a "shared host domain" vulnerability.

savetreenode action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.

Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.

The jv_dump_term function in jq allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jg _rc1-r0.

There's a flaw in the way that node.js handles the rejectUnauthorized setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client passes in an object for settings that includes the rejectUnauthorized property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as null, resulting in certificate verification being turned …

XSLTResult in Apache Struts allows remote attackers to execute arbitrary code via the stylesheet location parameter.

csrf-lite uses ===, a fail first string comparison, instead of a time constant string comparison. This enables an attacker being able to calculate minuscule differences in CSRF tokens, essentially enabling them to guess the token one character at a time Each check increases the variable tempCheck by one. If a malicious user is able to see what tempCheck is at each run (how long it takes to do a check), …

electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. - The –string-ssl command line option defaults to false if not explicitly set to true This could allow an attacker to Man In The Middle (MITM) the step where electron-packager does the following step: "Download all supported target platforms and arches of Electron using the installed electron-prebuilt version (and cache the …

A vulnerability that allows attackers to gain information about private site content.

A missing webdav security declaration would allow unauthorized webdav access.

A malicious user could go to your application and send a request for GET /User?distinct=password and get all the passwords for all the users in the database, despite the field being set to private. This could also be used for other private data if the malicious user knew what was set as private for specific routes.

A user who can create or edit templates can bypass Restricted Python.

Due to the way that marked parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (sanitize: true) to inject a javascript: URL. This flaw exists because &#xNNanything; gets parsed to what it could and leaves the rest behind, resulting in just anything; being left.

The primary npm registry has, since late, used HTTP bearer tokens to authenticate requests from the npm command-line interface. Due to a design flaw in the CLI, these bearer tokens were sent with every request made by the CLI for logged-in users, regardless of the destination of the request. They should instead only be included for requests made against the registry or registries used for the current install. This flaw …

A malicious user could bypass the authentication and execute any command that the user who is running the console-io application is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive …

Integer underflow in the png_check_keyword function in pngwutil.c in libpng allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

Specifically crafted long headers or uris can cause a minor denial of service.

There are several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. Moreover, there's a potential security issue in the usage of the openssl_random_pseudo_bytes() function in Zend_Crypt_Math::randBytes, reported in PHP BUG #70014, and the security implications reported in a discussion on the random_compat library.

Potential Insufficient Entropy Vulnerability in ZF1.

The diffie_hellman_sha256 function in kex.c in libssh2 improperly truncates secrets to bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks.

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

Drupal might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

Drupal might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

The User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.

The User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.

The System module in Drupal might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content.

The System module in Drupal might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content.

Drupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation.

Drupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a error page, related to path manipulation.

Open redirect vulnerability in the drupal_goto function in Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the destination parameter.

Open redirect vulnerability in the drupal_goto function in Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the destination parameter.

The have you forgotten your password links in the User module in Drupal allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.

The have you forgotten your password links in the User module in Drupal allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.

Arbitrary File Disclosure in Form Component.

Privilege Escalation in TYPO3 CMS.

Authentication Bypass in TYPO3 CMS.

The Form API in Drupal ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has #access set to FALSE in the server-side form definition.

The Form API in Drupal ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has #access set to FALSE in the server-side form definition.

The File module in Drupal allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.

The File module in Drupal allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.

CRLF injection vulnerability in the drupal_set_header function in Drupal allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.

CRLF injection vulnerability in the drupal_set_header function in Drupal allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.

Cross-Site Scripting in TYPO3 Backend.

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE, as used in Apache Struts, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in an url-encoded parameter.

The XML-RPC system in Drupal might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.

The XML-RPC system in Drupal might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. in a ZIP archive entry.

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.

The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.

Cross-site scripting (XSS) vulnerability in Apache Jetspeed allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.

A Cross-site scripting (XSS) vulnerability in Apache OpenMeetings allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.

When using the PouchDB driver in the module, an attacker can execute arbitrary commands via the collection name.

SPIP allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

Applications that pass unverified user input to the render method in a controller or a view may be vulnerable to a code injection. An attacker could use the request parameters to coerce the controller to execute arbitrary ruby code.

Applications that pass unverified user input to the render method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: def index; render params[:id]; end. Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.

Applications that pass unverified user input to the render method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: def index; render params[:id]; end Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.

Directory traversal vulnerability in Action View in Ruby on Rails before allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. in a pathname.

Jenkins does not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

Jenkins does not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.

The Rails gem allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

BeanShell when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Administrate::ApplicationController actions don't have CSRF protection. Remote attackers can hijack user's sessions and use any functionality that administrate exposes on their behalf.

If JsRender is used with server-delivered client-side templates that dynamically embed end-user input, then it is possible for a malicious user to execute arbitrary client-side code via use of a very specific expression.

Droppy does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others.

The airbrake module defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.

restafary is able to set up a root path, which should only allow it to run inside of that root path it specified. An attacker is able to provide a specifically crafted path to access files outside of this specified root path.

sanitize-html is vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability.

The xmlNextChar function in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

The package encryptor encrypts all messages using the same key/nonce. This not only exposes the XOR of the plaintexts if you XOR together two ciphertexts, but it also leaks the AES-GCM authentication key, allowing an attacker to forge messages and potentially perform chosen ciphertext attacks, which could potentially enable full plaintext recovery.

The compile_branch function in pcre_compile.c in PCRE and pcre2_compile.c in PCRE2 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

random_compat u ses insecure CSPRNG (openssl_random_pseudo_bytes()).

A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.

uri-js is a module that tries to fully implement RFC One of these features is validating whether a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regular expression is vulnerable to redos. This causes the program to hang and the CPU to idle at % usage while uri-js is trying to validate if the supplied URL is valid or not.

The checkHTTP function in libraries/Config.class.php in phpMyAdmin does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.

A Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.

Using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers.

The buildDefaults method on DevelopmentAdmin is missing a permission check. In live mode, if you access /dev/build, you are requested to login first. However, if you access /dev/build/defaults, then the action is performed without any login check. This should be protected in the same way that /dev/build is. The buildDefaults view is requireDefaultRecords() on each DataObject class, and hence has the potential to modify database state. It also lists all …

In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant. Even with this restriction in place, SilverStripe trusts a variety of HTTP headers due to different proxy notations (e.g. X-Forwarded-For vs. Client-IP). Unless a proxy explicitly unsets invalid HTTP …

GridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS.

Denial of Service attack possibility in TYPO3 component Indexed Search.

XML External Entity (XXE) Processing in TYPO3 Core.

Cross-Site Scripting in TYPO3 component Backend.

Cross-Site Scripting in TYPO3 component CSS styled content.

The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.

Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted search string.

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.