CVSS: 5.0EPSS: 1%CPEs: 22EXPL: 1CVE-2012-5574
https://notcve.org/view.php?id=CVE-2012-5574
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. lib/form/sfForm.class.php en Symfony CMS anterior a v1.4.20 permite a atacantes remotos leer archivos de su elección a través de una petición de carga manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093698.html http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093920.html http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093922.html http://secunia.com/advisories/51372 http://symfony.com/blog/security-release-symfony-1-4-20-released http://trac.symfony-project.org/changeset/33598 http://www.openwall.com/lists/oss-security/2012/11/26/12 http://www.osvdb.org/87869 http://w • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2012-2667
https://notcve.org/view.php?id=CVE-2012-2667
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes." Vulnerabilidad de fijación de sesión en lib/user/sfBasicSecurityUser.class.php en SensioLabs Symfony antes de v1.4.18 permite a atacantes remotos secuestrar sesiones web a través de vectores relacionados con el método 'regenerate' y "clases de sesión de respaldo de base de datos" no especificadas. • http://secunia.com/advisories/49312 http://symfony.com/blog/security-release-symfony-1-4-18-released http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG http://www.openwall.com/lists/oss-security/2012/06/04/1 http://www.openwall.com/lists/oss-security/2012/06/05/2 http://www.securityfocus.com/bid/53776 https://exchange.xforce.ibmcloud.com/vulnerabilities/76027 •