7 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is ba2f71ad3a46e5949ee0c510b544fa4ea973baaa. • https://github.com/mauriciosoares/ss15-this-is-sparta/commit/ba2f71ad3a46e5949ee0c510b544fa4ea973baaa https://github.com/mauriciosoares/ss15-this-is-sparta/pull/1 https://vuldb.com/?ctiid.217624 https://vuldb.com/?id.217624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1

Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111. Vulnerabilidad de inyección de argumento en la implementación sendmail del método Mail::Send (Mail/sendmail.php) en el paquete Mail v1.1.14 para for PEAR, permite a atacantes remotos leer y escribir ficheros de su elección a través de un parámetro $from, es un vector distinto a CVE_2009-4111. • http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html http://pear.php.net/bugs/bug.php?id=16200 http://pear.php.net/bugs/bug.php?id=16200&edit=12&patch=quick-fix&revision=1241757412 http://secunia.com/advisories/37410 http://secunia.com/advisories/37458 http://svn.php.net/viewvc/pear/packages/Mail/trunk/Mail/sendmail.php?r1=243717&r2=280134 http://www.debian.org/security/2009/dsa-1938 http://www.openwall.com/lists/oss-security/2009/11/23/8 http • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 1%CPEs: 11EXPL: 0

Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem. La vulnerabilidad de inyección de argumentos en la función ping en el archivo Ping.php en el paquete Net_Ping anterior a versión 2.4.5 para PEAR, permite a los atacantes remotos ejecutar comandos de shell arbitrarios por medio del parámetro host. NOTA: esto también se ha notificado como un problema del metacarácter de shell. • http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory http://pear.php.net/advisory20091114-01.txt http://pear.php.net/package/Net_Ping/download/2.4.5 http://secunia.com/advisories/37451 http://secunia.com/advisories/37502 http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669 http://www.debian.org/security/2009/dsa-1949 http://www.securityfocus.com/bid/37093 http://www.vupen.com/english/ad • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0

Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección de argumento en la función traceroute en el paquete Net_Traceroute anterior a v0.21.2 para PEAR, permite a atacantes remotos ejecutar comandos de su elección a través del parámetro host. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory http://osvdb.org/60515 http://pear.php.net/advisory20091114-01.txt http://pear.php.net/package/Net_Traceroute/download/0.21.2 http://secunia.com/advisories/37497 http://secunia.com/advisories/37503 http://security.gentoo.org/glsa/glsa-200911-06.xml http://www.openwall.com/lists/oss-security/2009/11/23/8 http://www.securityfocus.com/bid/37094 http://www.vupen.com/english/advisor • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.0EPSS: 8%CPEs: 3EXPL: 0

Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. • http://pear.php.net/bugs/bug.php?id=6933 http://pear.php.net/package/Archive_Tar/download http://secunia.com/advisories/19011 http://www.hamid.ir/security/phptar.txt http://www.osvdb.org/23481 http://www.securityfocus.com/archive/1/425967/100/0/threaded http://www.securityfocus.com/bid/16805 http://www.vupen.com/english/advisories/2006/0728 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •