CVE-2013-1397
https://notcve.org/view.php?id=CVE-2013-1397
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x allows remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.
• http://secunia.com/advisories/51980
• http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
• http://www.securityfocus.com/bid/57574
• https://exchange.xforce.ibmcloud.com/vulnerabilities/81551
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-1348
https://notcve.org/view.php?id=CVE-2013-1348
The Yaml::parse function in Symfony 2.0.x before 2.0.22 allows remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.
• http://secunia.com/advisories/51980
• http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
• http://www.securityfocus.com/bid/57574
• https://exchange.xforce.ibmcloud.com/vulnerabilities/81550
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2012-6431
https://notcve.org/view.php?id=CVE-2012-6431
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
• http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-6432
https://notcve.org/view.php?id=CVE-2012-6432
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.
• http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-5574
https://notcve.org/view.php?id=CVE-2012-5574
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.
• http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093698.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093920.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093922.html
• http://secunia.com/advisories/51372
• http://symfony.com/blog/security-release-symfony-1-4-20-released
• http://trac.symfony-project.org/changeset/33598
• http://www.openwall.com/lists/oss-security/2012/11/26/12
• http://www.osvdb.org/87869
• http://w
• CWE-264: Permissions, Privileges, and Access Controls