libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash.
A buffer overflow was discovered in libxml2 . The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits …
libxml2 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.
Arbitrary shell execution in php_codesniffer.
A malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications that were found vulnerable to Cross-Site Request Forgery.
A properly crafted filename would allow for arbitrary code execution when using the –filter=gitmodified command line option
Sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.
Remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
In Moodle, searching of arbitrary blogs is possible because a capability check is missing.
A CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
pygmentize contains a Remote Code Execution vulnerability.
Cross-site scripting vulnerability in ADOdb allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
An authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
Keycloak does not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.
Cross-site scripting vulnerability in the baserCMS Blog plugin allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site request forgery (CSRF) vulnerability in the baserCMS Blog plugin allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Cross-site request forgery (CSRF) vulnerability in baserCMS allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Cross-site request forgery (CSRF) vulnerability in the baserCMS Mail plugin allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Dolibarr has an SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (buffer over-read) or information disclosure.
Dolibarr ERP/CRM stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
Dolibarr ERP/CRM allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
Dolibarr has an XSS in doli/societe/list.php via the sall parameter.
Multiple cross-site request forgery vulnerabilies exist in Matic.
Product: Apache Cordova Android. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android (Jelly Bean), …
Cookie leakage to wrong origins and non-restricted cookie acceptance
A null dereference vulnerability has been found in the MIME handling component of LibEtPan.
forgotpassword.php lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.
Zen Cart has an XSS in the main_page parameter to `index.php.
Cookies of foo.bar.example.com are leaked to foo.bar. Additionally, any site can set cookies for any other site.
pcre2test.c in PCRE2 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.
GeniXCMS has an XSS that can be triggered by a comment that is mishandled during a publish-operation by an administrator.
GeniXCMS has an XSS that can be triggered by an authenticated user who submits a page.
RuboCop does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.
Carefully crafted requests can expose information about strings and objects allocated during the request for unauthorised users.
Craft CMS does not prevent modification of the URL in a forgot-password email message.
GeniXCMS has an SQL Injection in inc/lib/Control/Backend/menus.control.php that can be exploited via the menuid parameter.
PCRE2 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."
Craft CMS does not properly restrict viewing the contents of files in the craft/app/ folder.
GeniXCMS contains an XSS that can be triggered by an authenticated comment that is mishandled during a mouse operation by an administrator.
Craft CMS allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based.
GeniXCMS allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1` request.
When a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML(<void/>) call.
gomeplus-h5-proxy is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.
XStream, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call.
smalruby-editor allows remote attackers to execute arbitrary OS commands via unspecified vectors.
cnvs.io has XSS in the title and content fields of a Posts > Add New action, and during creation of new tags and users.
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace
The HDFS web UI in Apache Hadoop is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
The xsltAddTextString function in transform.c in libxslt, as used by nokogiri, lacks a check for integer overflow during a size calculation, which allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors.
An easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL.
Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.
pooledwebsocket is vulnerable to Directory Traversal, which may allow access to files and data stored on the server.
hftp is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Craft CMS allows XSS attacks.
Under certain conditions it is possible to execute unauthorized code in Shopware.
The "restore teacher" feature in Moodle allows remote authenticated users to overwrite the course id number.
The user editing form in Moodle allows remote authenticated users to edit profile fields locked by the administrator.
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
A Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
Drupal allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
AESCrypt.encrypt and AESCrypt.decrypt functions are not randomized with an Initialization Vector (IV), which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.
This is a critical access bypass vulnerability in Drupal.
Files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack …
Apache CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.
A known /tmp filename is used during passenger-install-nginx-module execution, which can allow local attackers to gain the privileges of the passenger user.
JAX-RS XML Security streaming clients in Apache CXF does not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
badjs-sourcemap-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
Files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack …
When using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
When using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
When "send file" is used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
The refactoring of the HTTP connectors introduced a regression in the send file processing. If the file processing completed quickly, it is possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.
The handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.
Some calls to application listeners in Apache Tomcat did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.
The OAuth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
By default, Ember will escape any values in Handlebars templates that use double curlies ({{value}}). Developers can specifically opt out of this escaping behavior by passing an instance of SafeString rather than a raw string, which tells Ember that it should not escape the string because the developer has taken responsibility for escapement. It is possible for an attacker to create a specially-crafted payload that causes a non-sanitized string to …
handler/ssl/OpenSslEngine.java in this package allows remote attackers to cause a denial of service (infinite loop).
This advisory has been marked as a false positive.
The FeedProxy.aspx script in Umbraco allows remote attackers to proxy requests on their behalf via the "url" parameter.
Forms did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting
Because of the way errors are handled, an attacker that forces an error can crash the server, causing a denial of service.
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
web2py does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.
Apache Ignite allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
When hapi encounters a malformed accept-encoding header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.
When a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.
file_open in Tryton allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack.
During installation, Ambari Server artifacts are not created with proper ACLs.
An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the SocialNetwork-andrea/app/template/pw_forgot.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
There is XSS in the Course summary filter of the "Add a new course" page.
go-jose before suffers from a CBC-HMAC integer overflow on architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on architectures.
The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the library might mistakenly read protected header values from an attached signature that was different from the one originally validated.
Apache Camel's Jackson and JacksonXML unmarshalling operation is vulnerable to Remote Code Execution attacks.
A reflected Cross-site scripting exists in yii2.
Netflix Security Monkey has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.
An SQL injection can occur via user preferences.
In Moodle global search displays user names for unauthenticated users.
An XSS can occur via evidence of prior learning.
In Moodle, an XSS can occur via attachments to evidence of prior learning.
This package allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Apache POI allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Pi Engine CMS contains a Cross-Site Scripting vulnerability.
jQuery's main method in affected versions contains an unreliable way of detecting whether the input to the jQuery(strInput) function is intended to be a selector or HTML.
When text/javascript responses are received from cross-origin ajax requests not containing the option dataType, the result is executed in jQuery.globalEval potentially allowing an attacker to execute arbitrary code on the origin.
An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
libpcre1 in PCRE and libpcre2 in PCRE2 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
An issue was discovered in includes/component. It is possible for authenticated users to edit documents of other users without proper permissions.
TYPO3 sends an HTTP request to an index.php?loginProvider URI in cases with an HTTP Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.
A 3rd party development library included with Drupal development dependencies is vulnerable to remote code execution
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal. To be sure you aren’t vulnerable, you can remove the /vendor/phpunit directory from the site root of your …
Some administrative paths did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
Some administrative paths in Drupal does not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
This package is vulnerable against SSRF via remote DTDs and XXE.
When adding a private file via the editor in Drupal, the editor will not correctly check access for the file being attached, resulting in an access bypass.
When adding a private file via a configured text editor (like CKEditor), the editor will not correctly check access for the file being attached, resulting in an access bypass.
ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid.
Cross-site scripting (XSS) vulnerability in jQuery UI might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not.
Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser.
A serialization vulnerability was found in the SocketServer and ServerSocketReceiver components.
node-jose is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.
The Jakarta Multipart parser in Apache has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header.
remarkable allows the use of data: URIs.
EpicEditor contains an XSS vulnerability because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document.
http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature.
Running $sanitize on bad HTML can freeze the browser. The problem occurs with clobbered data; typically the "nextSibling" property on an element is changed to one of it's child node, this makes it impossible to walk the HTML tree and leads to an infinite loop which freezes the browser.
This package is vulnerable to Java object de-serialization vulnerability. Camel allows to specify such a type through the CamelJacksonUnmarshalType property. De-serializing untrusted data can lead to security flaws as demonstrated in various similar reports about Java de-serialization issues.
This package is vulnerable to Java object de-serialization vulnerability. Camel allows to specify such a type through the CamelJacksonUnmarshalType property. De-serializing untrusted data can lead to security flaws as demonstrated in various similar reports about Java de-serialization issues.
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. Deserializing untrusted data can lead to security flaws.
There is an XSS in SilverStripe CMS.
Multiple Cross-Site Scripting vulnerabilities exist in inter-mediator. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The package festivaltts4r passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to the to_speech and to_mp3 methods in lib/festivaltts4r/festival4r.rb library.
The gem passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to the speak, save, bytes and bytes_wav methods in the lib/espeak/speech.rb library.
brace expansion is vulnerable to Regular Expression Denial of Service attacks.
This release contains a fix for a security advisory related to the improper handling of shell commands. Uses of shell_exec() and exec() were not escaping filenames and configuration settings in most cases A properly crafted filename or configuration option would allow for arbitrary code execution when using some features.
TYPO3 is vulnerable to Cross-Site Scripting.
An error during signature verification can be treated as a successful verification.
An error during signature verification can be treated as a successful verification.
Authentication Bypass in TYPO3 Frontend.
XSS in TYPO3 CMS.
Due to late TCA initialization the authentication service fails to restrict frontend user according to the validation rules. Therefore it is possible to authenticate restricted (e.g. disabled) frontend users.
The Zip::File component in the rubyzip gem for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses ../ pathname substrings to write arbitrary files to the filesystem.
Arbitrary shell execution in php_codesniffer.
, AngularJS allows bootstrapping of invalid/bad svg and currentScript if it was clobbered.
Remote attackers can inject arbitrary web script or HTML via the token parameter.
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation. get those messages accepted as valid and coming from a trusted entity. In practice, this means full capabilities to impersonate any individual at a given service provider. This vulnerability is not to be confused with the one described and related to SAML 2 …
An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation.
Froxl uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
Passing untrusted data to the .deserialize function can cause arbitrary code execution through an Immediately Invoked Function Expression (IIFE).
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display.
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks.
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display.
An issue was discovered in the node-serialize package for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
node-serialize can be abused to execute arbitrary code via a Immediately Invoked Function Expression (IIFE) if untrusted user input is passed into unserialize()
There's a flaw in LdapBindAuthenticationProvider that allows for an unauthorized access on a misconfigured LDAP server when using an empty password. Applications are affected only if they use the LDAP authentication provider.
There's a flaw in LdapBindAuthenticationProvider that allows for an unauthorized access on a misconfigured LDAP server when using an empty password. Applications are affected only if they use the LDAP authentication provider.
A remote attacker could learn information about the exact PHP version run by the affected system, allowing the search for vulnerabilities known to work with that version.
Symfony allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block.
The installation wizard in DotNetNuke (DNN) allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
PECL in the download utility class in the Installer in PEAR Base System does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. in an extracted filename.
Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. in an extracted filename.
SilverStripe is vulnerable to XSS via the page name. For instance, page name "><svg/onload=alert(/xss/)> will trigger an XSS alert.
The png_set_text_2 function in libpng allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
OkHttp allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
OkHttp allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
nes has a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to cookie. Submitting an invalid cookie on the websocket upgrade request will cause the node process to error out.
An issue was discovered in Pagekit. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit.
Remote Code Execution Vulnerability in shopware.
The package ruby-saml is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced two elements at the same time (but past the scheme validator process since 1 of the element was inside the encrypted assertion).
The tar module allow for archives to contain symbolic links that will overwrite targets outside the expected path for extraction.
The send module discloses the root path.
Under certain circumstances, it’s possible to execute an unauthorized foreign code in Shopware.
uglify-js is vulnerable to regular expression denial of service (ReDoS) when certain types of input is passed into .parse(). A regular expression leading to a very long processing time can be used to make the program hang for a very long time.
ms is vulnerable to regular expression denial of service (ReDoS) when extremely long version strings are parsed.
Extbase in TYPO3 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
The clientIp function in CakePHP allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
TYPO3 is vulnerable to Cross-Site Scripting.
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.
Doorkeeper failed to implement OAuth Token Revocation (RFC ) in the following ways: Public clients making valid, unauthenticated calls to revoke a token would not have their token revoked Requests were not properly authenticating the client credentials but were, instead, looking at the access token in a second location Because of 2, the requests were also not authorizing confidential clients' ability to revoke a given token. It should only revoke …
fury-adapter-swagger has a vulnerability that allows arbitrary file reads off the file system. This could be used to retrieve sensitive data, or cause a denial of service by reading /dev/zero.
In Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed.
In Moodle, text injection can occur in email headers, potentially leading to outbound spam.
In Moodle, glossary search displays entries without checking user permissions to view them.
There is incorrect sanitization of attributes in forums.
There is XSS in the assignment submission page.
A vulnerability in includes/classes/ia allows remote attackers to conduct PHP Object Injection attacks via crafted deserialized data in a salt cookie in a login request.
Remote Code Execution Vulnerability in shopware.
ecrire/exec/valider_xml.php in SPIP allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
The SPIP template composer/compiler in SPIP allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with crafted user input.
PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments.
An SQL injection vulnerability exists in inc/lib/Control/Backend/posts.
system/libraries/Email.php in CodeIgniter allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.
Web2py is affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user to perform some unwanted actions. An attacker can trick a victim to disable the installed application just by sending a URL to victim.
An HTTP/2 implementation built using the priority library could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree.
This package does not consider URL path parameters when processing security constraints.Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.
windows-build-tools download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
Remote Code Execution in third party library swiftmailer.
SQL injection vulnerability in register.php in GeniXCMS allows remote attackers to execute arbitrary SQL commands via the activation parameter.
openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
msystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.
limbus-buildgen download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.
mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
tomita
cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
poco downloads source file resources used for compliation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
/nipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.
headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
alto-saxophone download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
fis-parser-sass-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
jstestdriverdownloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
node-thulac downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server.
openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
herbivore download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
broccoli-closure downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
js-given downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data.
install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
unicode-json downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
grunt-ccompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.
openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
The patch for CVE-2016-10033 vulnerability added in PHPMailer sanitizes the $Sender variable by applying escapeshellarg() escaping before the value is passed to mail() function. It does not however take into account the clashing of the escapeshellarg() function with internal escaping with escapeshellcmd() performed by mail() function on the 5th parameter. As a result it is possible to inject an extra quote that does not get properly escaped and break out …
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a crafted e-mail address.
There's a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application.
The setFrom function in the Sendmail adapter in the zend-mail component might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " in a crafted e-mail address.
This advisory has been marked as a false positive.
Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
This package is vulnerable to Cross-Site Scripting (XSS). When a label is rendered, the contents of the label element were not escaped.
ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.
prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.
The ApplicationController is not protected against CSRF (Cross-Site Request Forgery).
A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.
A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.
Chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
macaca-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Unicode downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.
nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.
closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.
ibm_db downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.
closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
iedriver downloads binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
During the installation process, the go-ipfs-deps module insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.
bkjs-wand downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
operadriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
fuseki downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
apk-parser3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Kindlegen downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
baryton-saxophone downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
apk-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
embedza downloads JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.
pngcrush-installer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
geoip-lite-country downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
install-nw downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
product-monitor downloads JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.
This package is vulnerable to Cross-Site Scripting (XSS) attacks. The autoescaping method was disabled by default, allowing an attacker to alter database values.
Heap-based buffer overflow in PCRE and PCRE2 allows remote attackers to execute arbitrary code via a crafted regular expression.
PCRE, and PCRE2 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression.
An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation.
An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server.
An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user session, username, and password are not compromised by this vulnerability.
An issue was discovered in phpMyAdmin. A user can exploit the "LOAD LOCAL INFILE" functionality to expose files on the server to the database system.
An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user.
An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection.
An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules.
An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files.
An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp.
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout.
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true.
An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true.
There is a directory traversal vulnerability that allows an attacker to read files outside the current directory by sending ../ in the url path for GET requests.
An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies.
An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10.
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack.
An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing.
An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file.
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature.
An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension.
Bitty has a directory traversal vulnerability that is exploitable via the URL path in GET requests.
There's a directory traversal vulnerability that is exploitable via the URL path in GET requests.
The library downloads binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
The library downloads binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
The library downloads binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
The library downloads binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP allows remote attackers to inject arbitrary web script or HTML via the rac parameter.
In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.
Form fields returning isReadonly() as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeField_Readonly. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe …
Confirmation forms in Drupal make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
Modules wishing to restrict access to taxonomy terms may be incompatible with queries generated both by Drupal core as well as those generated by contributed modules like Entity Reference. As a result, information on taxonomy terms may be disclosed to unprivileged users.
Modules wishing to restrict access to taxonomy terms may be incompatible with queries generated both by Drupal core as well as those generated by contributed modules like Entity Reference. As a result, information on taxonomy terms may be disclosed to unprivileged users.
The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.
The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.
A specially crafted URL can cause a denial of service via the transliterate mechanism.
A specially crafted URL can cause a denial of service via the transliterate mechanism.
Stored Cross-Site-Scripting (XSS) is possible by including code outside of backticks in any ebook. This code will be executed on the online reader.
Path Traversal in TYPO3 Core.
Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.
Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.
Insecure Unserialize in TYPO3 Backend.
libxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
There's a PHP Object Injection vulnerability that can be triggered through the saveLayout() method defined into the /plugins/Dashboard/Controller.php script. Since Piwik is not using "utf8mb4" collations for its database, this can be exploited in combination with a MySQL UTF8 truncation issue in order to corrupt the session array, allowing unauthenticated attackers to inject arbitrary PHP objects into the application scope and carry out Server-Side Request Forgery (SSRF) attacks, delete arbitrary …
There's a Remote Code Execution vulnerability in the highlight function of Pygmentize.
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
The library passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to cd and git clone commands in the library.
Git allows executing arbitrary shell commands using git-remote-ext via remote URLs. Normally git never requests URLs that the user does not specifically request, so this is not a serious security concern. However, submodules did allow the remote repository to specify what URL to clone from. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an …
The PersistedUsernamePasswordProvider is prone to a information disclosure of account existence based on timing attacks as the hashing of passwords is only done in case an account is found.
Time-Based Information Disclosure Vulnerability in Flow.
If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements.
Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements that will get executed and have full access to the database.
Sequelize defaults SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping. This leads to SQL injection.
Sequelize contains a potential SQL injection.
Gregwar is vulnerable to local file inclusion when including RST templates.
Local File Inclusion Vulnerability in rst.
In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped.
"algorithm" isn't enforced in jwt.decode() and a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.
Since algorithm isn't enforced in jwt.decode(), a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.
There exists a Java Object in this package that can be manipulated in such a way that when it is deserialized, it can write or copy files to disk in arbitrary locations. Furthermore, while the Object can be used alone, this new vector can be integrated with ysoserial to upload and execute binaries in a single deserialization call. This may or may not work depending on an application's implementation of …
Parsing a file with a malicious name leads to arbitrary OS command injection, this is especially risky when parsing user-supplied files on a server (e.g. uploaded files).
Sails has an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when allRoutes is set to true and origin is set to * …
Extension URIs (resource://…) bypass Content-Security-Policy in Chrome and Firefox and can always be loaded. Now if a site already has a XSS bug, and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacked can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.
Nunjucks has a cross site scripting (XSS) vulnerability in autoescape mode: all template vars should automatically be escaped. By using an array for the keys, it is possible to bypass autoescaping and inject content into the DOM.
By sending a Mb websocket message to a uws server instance, it is possible to crash the node process by exceeding V8's maximum string size.
If an attacker can trick an unsuspecting user into viewing a specially crafted plot on a site that uses plotly.js, then the attacker could potentially retrieve authentication tokens and perform actions on behalf of the user.
An arbitrary code injection vector was found via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.
Arbitrary code execution is possible through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the calc function.
The exception handling code in this package allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
PySAML2 is vulnerable to XML External Entity attacks (XEE attacks) via SAML XML requests.
Null reset codes are allowed through sentry.
Vulnerability to Response Wrapping attacks resulting in a malicious user gaining unauthorized access to a system.
The system.temporary route allows the download of a full config export. The full config export should be limited to those with "Export configuration" permission.
The system.temporary route allows the download of a full config export. The full config export should be limited to those with "Export configuration" permission.
Users who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.
Users who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.
Remote attackers could cause a denial of service (CPU and disk consumption) via a long URL.
The qstr method in the PDO driver in the ADOdb Library for PHP might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.
An attacker can create a specially crafted url, which can execute arbitrary code in the victim’s browser if loaded. Drupal is not properly sanitizing an exception.
An attacker can create a specially crafted url, which can execute arbitrary code in the victim’s browser if loaded. Drupal is not properly sanitizing an exception.
The library does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.
ImageMagick driver does not escape all shell arguments.
CRLF injection vulnerability in the Undertow web server allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Nokogiri is affected via its dependency libxml2. CVE-2016-4448: Format string vulnerability in libxml2 allows attackers to have unspecified impact via format string specifiers in unknown vectors. CVE-2016-4658: libxml2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. CVE-2016-5131: libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the …
xpointer.c in libxml2 (as used in Apple iOS, OS X, tvOS, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
This package is vulnerable to Open Redirect attacks.
This package allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.
Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability.
Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in …
The User module in Drupal allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
The User module in Drupal allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
The Views module in Drupal and the Views module might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.
The Views module in Drupal and the Views module might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.
The implementation of ORDER BY and GROUP BY in Zend_Db_Select is prone to SQL injection when a combination of SQL expressions and comments are used.
There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155.
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
There is a possible XSS vulnerability in Action View. Text declared as HTML safe will not have quotes escaped when used as attribute values in tag helpers.
There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers.
The Rails gem does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request.
There's a flaw in the DB schema where reset_password_code is NULL by default. If an attacker is able to provide a NULL reset code to the package, there are no guards against arbitrary anonymous password resets. In many cases, submitting a url-encoded null byte value (%00) will match what's in the database, passing the check and allowing the attacker to set the password to what they wish.
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.
Critical vulnerabilities in JSON Web Token libraries.
Cookie-signature is vulnerable to timing attacks.
A cross site scripting (XSS) vulnerability was introduced due to a change from text to html functions in how JSON elements are rendered.
c3 contain a cross site scripting (XSS) vulnerability through improper html sanitization on rendered tooltips.
Specifically crafted MQTT packets can crash the application, making a DoS attack feasible with very little bandwidth.
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings allows remote attackers to inject arbitrary web script or HTML via the swf parameter.
This package is vulnerable to Cross-Site Request Forgery (CSRF) attacks.
There's a cross site scripting (XSS) vulnerability in the url query string parameter.
List of key / value pairs assigned to OptionsetField or CheckboxSetField do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.
A cross-site scripting vulnerability in VersionedRequestFilter has been found. If an incoming user request should not be able to access the requested stage, an error message is created for display on the CMS login page that they are redirected to. In this error message, the URL of the requested page is interpolated into the error message without being escaped; hence, arbitrary HTML can be injected into the CMS login page.
If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users.
When a user changes their password, the internal salt used for hashing their password is not updated.
The SS_Report, and the reports CMS section only checks canView() when listing the reports that can be viewed by the current user. It does not (and should) perform canView checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.
The core template framework/templates/Includes/GridField_print.ss uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because Member->getName() just returns the raw FirstName + Surname as a string, which is injected directly.
After performing a password reset, ChangePasswordForm::doChangePassword() logs in the user without checking Member::canLogIn(). This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like Member::canLogIn() was originally designed to only be used for checking whether the user is locked out (due …
This module does not validate the KDC, which might allow an attacker with network access and enough time to spoof the KDC and impersonate a valid user without knowing their credentials.
rhq allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.
Sanitization of HTML strings is not applied recursively to input, allowing an attacker to potentially inject script and other markup.
ezseed-transmission downloads a script from http://stedolan.github.io/jq/download/linux64/jq without checking the certificate. An attacker on the same network or on an ISP level could intercept the traffic and push their own version of the file, causing the attackers code to be executed.
Cross-site scripting (XSS) vulnerability in Apache Archiva allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.
Since "algorithm" isn't enforced in jws.verify(), a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.
There's a critical SQL injection bug in the ODBC database driver.
By using a malicious server which returns script as the value of the Content-Type header, it is possible to execute arbitrary code using the demonstration capabilities of Swagger-UI.
Primary functions of emojione do not properly sanitize input and are thus vulnerable to cross site scripting (XSS). If you application passes user supplied input to these functions, it may be vulnerable to this attack.
There exists a cross site scripting (XSS) vulnerability in the Pillbox feature of FuelUX. By supplying a script as a value for a new pillbox, it is possible to cause arbitrary script execution.
Cross site scripting vulnerability in the drag and drop functionality for modifying tree data. A node that contains a standard XSS vector will have its payload execute when a user attempts to drag a node to a different position in the hierarchy.
There's a cross site scripting (XSS) issue when rendered inside a _block during client side rendering. Server side rendering is not affected and is properly escaped.
Use-after-free vulnerability in libxml2, as used in Google Chrome, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
Tough-cookie contain a vulnerable regular expression that, under certain conditions involving long strings of semicolons in the "Set-Cookie" header, causes the event loop to block for excessive amounts of time.
Swagger-ui contains a cross site scripting (XSS) vulnerability in the key names for the following object path in the JSON document: .definitions.{USER_DEFINED}.properties.{INJECTABLE_KEY_NAME}. Supplying a key name with script tags causes arbitrary code execution. In addition it is possible to load the arbitrary JSON files remotely via the URL query-string parameter.
jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.
Three functions exposed by the Gmail.js API (not the Google Gmail API) are vulnerable to DOM-based cross site scripting. The three functions are tools.parse_response, helper.get.visible_emails_post, and helper.get.email_data_post. Each one of these functions calls new Function() with user data passed as the argument.
Three functions exposed by the Gmail.js API (not the Google Gmail API) are vulnerable to DOM-based cross site scripting (DOMXSS). The three functions are tools.parse_response, helper.get.visible_emails_post, and helper.get.email_data_post. Each one of these functions calls new Function() with user data passed as the argument./n/nThis vulnerability is being disclosed before a public patched version is available because the issue was reported in a public Github issue.