In the vulnerable versions, the uploader.swf and io.swf utilities contain a vulnerability allowing cross-site scripting through the .swf files used in these components. Through a url accessing these files, and attacker can inject script in the context of these files, potentially exposing cookies or other sensitive information. The vulnerability resurfaced in v0.10.2, but only with io.swf.
wsf/common/DOMUtils.java does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that …
XMLscanner.java allows remote attackers to cause a denial of service via vectors related to XML attribute names.
ResourceBuilderImpl.java does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.
Multiple open redirect vulnerabilities in this package allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the redirect: or redirectAction: prefix.
Hash caches and dynamic Symbol creation can be exploited by an attacker.
Apache Struts 2 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
Apache Struts allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both ${} and %{} sequences, which causes the OGNL code to be evaluated twice.
This package allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
This package allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both ${} and %{} sequences, which causes the OGNL code to be evaluated twice.
The BrokerFactory functionalitycreates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
This package allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the URL or A tag.
This package allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the URL or A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
This package allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
parser.c in libxml2, as used in Google Chrome and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.
The module contains functionality meant to filter potential XSS attacks but that can be bypassed.
JS-YAM contains a code execution vulnerability.
A fatal syntax error has been published by mistake.
The middleware overwrites req.method with the req.body['_method'] value. When you don't catch the error it responds with a default error msg: "Cannot [METHOD] [URL]" . Because this is not enough sanitized, you can force a Cross-Site Scripting in the response.
The package enum_column3 for Ruby contains a flaw that may allow a remote denial of service. The issue is due to the program typecasting unexpected strings to symbols. This may allow a remote attacker to crash the program.
Login via zero-valued password credential in doctrine-module.
Untrusted input passed in to the hubot-scripts/package/src/scripts/email.coffee module can allow for command injection. This may be unexpected behavior for the caller.
Untrusted input passed in the call to libnotify.notify could result in execution of shell commands. Callers may be unaware of this.
ep_imageconvert is vulnerable to remote command injection.
The V1 of gemnasium.com's API has been deprecated due to major changes.
Multiple use-after-free vulnerabilities in libxml2 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
User supplied input isn't sanitized against shell metacharacters and is fed directly to the shell. If the user is tricked into extracting a file with shell characters, arbitrary code can be executed remotely.
In md2pdf/converter.rb we see user supplied input being passed to the command line without proper sanitization.
Remote commands can be executed if the file name contains shell meta characters
The multi_xml Gem for Ruby contains a flaw that is triggered when an error occurs during the parsing of XML parameters. With a crafted request containing arbitrary symbol and yaml types, a remote attacker can execute arbitrary commands.
libxml2 allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.
Using a specially crafted request, an attacker could trick the database type conversion code to return incorrect records. For some token values this could allow an attacker to bypass the proper checks and gain control of other accounts.
A bug in the Ruby agent causes database connection information and raw SQL statements to be transmitted to New Relic servers. The database connection information includes the database IP address, username, and password. The information is not stored or retransmitted by New Relic and is immediately discarded.
Specially crafted URLs can result in remote code execution if the URL contains shell metacharacters. This is due to the fact that the url is passed directly to the shell in the code thumbshooter.rb create method.
Similar to CVE-2013-0156 (Rails issue)
Similar to CVE-2013-0156 (Rails issue)
Similar to CVE-2013-0156 (Rails issue)
Nori has a parameter parsing error that may allow an attacker to execute arbitrary code. This vulnerability has to do with type casting during parsing, and is related to CVE-2013-0156.
lib/rexml/text.rb in the REXML parser allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
The package omniauth-oauth2 for Ruby contains a flaw related to omniauth.state that allows a remote attacker to conduct a session injection attack. This flaw exists because the application, when establishing a new session, does not invalidate an existing session identifier and assign a new one. With a specially crafted request fixating the session identifier, a context-dependent attacker can ensure a user authenticates with the known session identifier, allowing the session …
Vulnerability in the filesystem loader.
The package ldoce passes a URL to commandline for audio output of the pronunciation of a dictonary word. If the URL contains a shell metacharacter, arbitrary code can be executed remotely as the client.
Socket.io will leak memory if used with HTTPS. This version seems to fix also other memory issues, even if HTTPS is not used.
Commands executed if the remote URL or filename contains the shell character ';'. The commands will be executed as the client user if tricked into using the malicious URL or filename.
Specially crafted URLs can result in remote code execution.
If the url contains any ; characters code will be executed as the user. For example if fastreader is fed http://www.g;id;.com id will be executed.
If a URL is from an untrusted source, commands can be injected into it for remote code execution with the ; character.
The sanitize helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious.
Carefully crafted text can bypass the sanitization provided in the sanitize_css method in Action Pack.
There is a vulnerability in the JDOM backend to ActiveSupport's XML parser. you should upgrade or use one of the work arounds immediately.
When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce params[:name] to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the work arounds immediately.
The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference.
The default configuration of javax.servlet.context.tempdir in this package uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
XSS vulnerability for html files served up with Content-Disposition attachment headers.
Potential SQL injection due to execution of platform-specific SQL containing interpolations.
Route Parameter Injection Via Query String in Zend\Mvc.
Potential Information Disclosure and Insufficient Entropy vulnerabilities in Zend\Math\Rand and Zend\Validate\Csrf Components.
When the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
The URIMappingInterceptor in this package bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
app/models/spree/user.rb in spree_auth_devise in Spree does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.
app/models/spree/user.rb in spree_auth_devise in Spree does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.
app/models/spree/user.rb in spree_auth_devise in Spree does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.
Spree Commerce allow remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to promotion_actions_controller.rb, (3) promotion_rule parameter to promotion_rules_controller.rb, and (4) calculator_type parameter to promotions_controller.rb in promo/app/controllers/spree/admin/, related to unsafe use of the constantize function.
This exploit may lead to cookie disclosure to third parties. The exploit exists in darkfish.js which is copied from the RDoc install location to the generated documentation. RDoc is a static documentation generation tool. Patching the library itself is insufficient to correct this exploit.
lib/rack/multipart.rb in Rack uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."
If files downloaded contain shell characters it's possible to execute code as the client user
The ldap_fluff gem for Ruby, as used in Red Hat CloudForms, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.
The ruby_parser Gem does not create temporary files securely. In the diff_pp function contained in lib/gauntlet_rubyparser.rb function, it creates files as /tmp/a.[pid] and /tmp/b.[pid] which can be predicted and used for either a denial of service (file cannot be overwritten), or to change the contents of files that are writable.
multipart/parser.rb in Rack allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
The ls interface can have commands injected into it if option or filename contain the shell character. This vulnerability requires that the file having commands injected in to it be in the Current Working Directory (CWD).
Ms does not correctly parse minutes, people should remain on until it’s fixed. (Kindly reported by ForbesLindesay)
ActiveRecord-JDBC-Adapter (AR-JDBC) contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the sql.gsub() function in lib/arjdbc/jdbc/adapter.rb not properly sanitizing user-supplied input before using it in SQL queries. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
The package fileutils handles temporary files insecurely.
The bundled angular.js library contains a security issue and a memory leak that have been adressed in the latest version.
This package is vulnerable to Man-in-the-middle (MitM) attacks due to attacks due to downloading gems over an insecure protocol. Without a secure connection, it is possible for an attacker to intercept this connection and alter the packages received. In serious cases, this may even lead to Remote Code Execution (RCE) on your host server.
This package is vulnerable to Man-in-the-middle (MitM) attacks due to attacks due to downloading gems over an insecure protocol. Without a secure connection, it is possible for an attacker to intercept this connection and alter the packages received. In serious cases, this may even lead to Remote Code Execution (RCE) on your host server.
There is a vulnerability in the serialized attribute handling code in Ruby on Rails, applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities.
This package contains a flaw that is triggered during the redirection to other hosts. This may allow a remote attacker to gain access to HTTP basic authentication credential information.
When parsing certain JSON documents, the JSON gem can be coerced in to creating Ruby symbols in a target system. Since Ruby symbols are not garbage collected, this can result in a denial of service attack. The same technique can be used to create objects in a target system that act like internal objects. These "act alike" objects can be used to bypass certain security mechanisms and can be used …
This package allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka.
The attr_protected method allows developers to exclude model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected.
The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected.
Affected versions allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving am HMAC comparison function that does not run in constant time.
Affected versions allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
The NonManagedConnectionFactory in JBoss logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.
There is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.
The PubSubHubbub Service Hooks support was broken since url_encoded requests have been removed.
Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does not let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect …
There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.
Ruby on Rails contains a flaw in the Authlogic gem. The issue is triggered when the program makes an unsafe method call for find_by_id. With a specially crafted parameter in an environment that knows the secret_token value in secret_token.rb, a remote attacker to more easily conduct SQL injection attacks.
Symfony does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
Symfony does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
Symfony does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
Symfony does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
Symfony, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.
Doorkeeper contains a flaw as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack causing the victim to disclose their access_token with an arbitrary scope.
libxml2 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
Potential XML eXternal Entity injection vectors in Zend Framework 1 Zend_Feed component.
This package does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
When a container supports Expression Language (EL), this package evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a name attribute in a spring:hasBindErrors tag; path attribute in a spring:bind or spring:nestedpath tag; arguments, code, text, var, scope, or message attribute in a spring:message or spring:theme tag; or var, scope, or value attribute in a spring:transform tag, aka Expression Language Injection.
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2, as used in Google Chrome and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
Request::getClientIp() when the trust proxy mode is enabled.
Request::getClientIp() gives access to client IP when the trust proxy mode is enabled.
The regular expression engine in this package, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
The regular expression engine in this package, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
The regular expression engine in this package, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
RESTEasy allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
The JNDI service does not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.
Vulnerability in the EntityUserProvider as provided in the Doctrine bridge.
Apache Libcloud uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
Potential Proxy Injection Vulnerabilities in Multiple Zend Framework 2 Components.
This package allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
Apache CXF allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
Denial of Service vector via XEE injection.
Potential XSS Vectors in Multiple Zend Framework 2 Components.
This package allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
The token check mechanism in this package does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
libxml2, as used in Google Chrome, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
Security fixes related to the way XML is handled.
Security fixes related to the way XML is handled in symfony.
Security fixes related to the way XML is handled.
Security issues related to the way XML is handled.
Security fixes related to the way XML is handled.
Local file disclosure via XXE injection in Zend_XmlRpc.
The png_push_read_zTXt function in pngpread.c in libpng allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.
When a value for the prompt field is supplied to the select_tag helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.
Off-by-one error in the png_formatted_warning function in pngerror.c in libpng might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.
The Mail gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
user-bundle contains a security issue where the session could be hijacked.
User refreshing to check the identity by primary key instead of username.
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary IS NULL clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for NULL in arbitrary places.
The package rack-cache caches potentially sensitive response headers (such as Set-Cookie). Attackers with access to the cache could possibly obtain other user's cookies to e.g. bypass authentication.
Xerces allows remote attackers to affect availability.
Potential XSS in Development Environment Error View Script.
The png_set_text_2 function in pngset.c in libpng allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
This package is vulnerable to Information Exposure between requests in multithreaded WSGI servers.
Because socket.io depends on Math.random() to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.
Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke allows remote attackers to inject arbitrary web script or HTML via a message.
Cross-site scripting (XSS) vulnerability in DotNetNuke allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.
When using digest authentication with a wrong password, requests will retry the request for infinity. This makes the package vulnerable to Denial of Service (DoS).
Spree does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability.
The session cookie store implementation in Spree uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.
Insecure Unserialize Vulnerability in FLOW3.
Integer signedness error in the png_inflate function in pngrutil.c in libpng beta01, as used in Google Chrome and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated select tag options upon submission to actionpack/lib/action_view/helpers/form_options_helper.rb. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of SafeBuffer objects via '[]' and other methods. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
This package evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
XML decoding attack vector through external entities.
XML decoding attack vector through external entities.
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
This package is vulnerable to Information Exposure.
This package is vulnerable to Information Exposure. Permissions on a file were set only after writing a files content, which gives the attackers a window to obtain the file content.
This package contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
The helper method for i18n translations has a convention whereby translations strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped.
PHP remote file inclusion vulnerability in dompdf.php in dompdf allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter.
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.
This package contains a flaw that is due to the program listing credential information in plaintext in the install-command process listing. This may allow a local attacker to gain access to credential information.
Integer overflow in xpath.c in libxml2, and libxml, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
The gem contains a flaw that is due to the program failing to properly escape a shell that contains injected characters. This may allow a context-dependent attacker to potentially execute arbitrary commands.
SQL Injection vulnerability in dbal.
A response splitting flaw can allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types.
The png_format_buffer function in pngerror.c in libpng allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
The png_err function in pngerror.c in libpng makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.
The png_handle_sCAL function in pngrutil.c in libpng does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
Buffer overflow in libpng , when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.
This package is vulnerable to Privilege Escalation. See
Multiple cross-site scripting (XSS) vulnerabilities in XWork allow remote attackers to inject arbitrary web script or HTML via vectors involving an action name, the action attribute of an s:submit element, or the method attribute of an s:submit element.
Potential SQL Injection Vector When Using PDO_MySql.
The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.
pngrtran.c in libpng allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information.
This package contains a flaw in the QuickMagick::Image.read function. The issue is triggered when handling a specially crafted string. This may allow a remote attacker to inject arbitrary commands.
remote attackers could execute arbitrary code via a crafted static initializer.
Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter.
Double free vulnerability in libxml2 and other versions, as used in Google Chrome and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
libxml2, as used in Google Chrome, Apple Safari, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
Spree exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a "JSON hijacking" issue.
Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.
shared/util/StateUtils.java in this package uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
The OGNL extensive expression evaluation capability in this package as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive allowlist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the #context, #_memberAccess, #root, #this, #_typeResolver, #_classResolver, #_traceEvaluations, #_lastEvaluation, #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
The password hash generation algorithm in this package performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
This package contains a flaw that is triggered when handling an empty http_put body. This may allow a remote attacker to crash an application linked against the library.
Cross-site scripting (XSS) vulnerability in HTML Purifier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Memory leak in pngrutil.c in libpng , allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
Buffer overflow in pngpread.c in libpng, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
This package allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
Potential Security Issues in Bundled Dojo Library.
The png_decompress_chunk function in pngrutil.c in libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
Improper Neutralization in bcrypt.
This package suffered from a bug related to character encoding that substantially reduced the entropy of hashed passwords containing non US-ASCII characters. An incorrect encoding step transparently replaced such characters by '?' prior to hashing. In the worst case of a password consisting solely of non-US-ASCII characters, this would cause its hash to be equivalent to all other such passwords of the same length. This issue only affects the JRuby …
Potential Security Issues in Bundled Dojo Library.
Potential XSS vector in Zend_Service_ReCaptcha_MailHide.
Potential XSS vectors due to inconsistent encodings.
Potential XSS vector in Zend_Dojo_View_Helper_Editor.
Potential XSS vector in Zend_Filter_StripTags when comments allowed.
This package is vulnerable to Timing Attacks.
A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL server applications with a dummy certificate.
XMLScanner.java allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input.
This package uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Algorithmic complexity vulnerability in this package allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.
ParametersInterceptor does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
Remote attackers could execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a # representation for the # character.
XSS vector in Zend_Filter_StripTags.
File Inclusion vector in Zend_View::setScriptPath() and render().
pyrad is vulnerable to multiple XSS vulnerabilities.
The issue is due to the program not properly sanitizing user-supplied input related to the :limit and :offset functions. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Activeresource contains a format string flaw in the request function of lib/active_resource/connection.rb. The issue is triggered as format string specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input when passed via the result.code and result.message variables. This may allow a remote attacker to cause a denial of service or potentially execute arbitrary code.
Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2), and SVN, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
This package contains a flaw in the handling of tag names. The issue is triggered when the program reads tag names from XML data and then calls a method with that name. With a specially crafted file, a context-dependent attacker can call private methods and manipulate data.
This package contains an overflow condition that is triggered as user-supplied input is not properly validated when handling specially crafted data. This may allow a remote attacker to cause a stack-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.