CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2013-1348
https://notcve.org/view.php?id=CVE-2013-1348
The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397. La función Yaml::parse en Symfony 2.0.x anterior a 2.0.22 permite a atacantes remotos ejecutar código PHP arbitrario a través de un archivo PHP, una vulnerabilidad diferente a CVE-2013-1397. • http://secunia.com/advisories/51980 http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released http://www.securityfocus.com/bid/57574 https://exchange.xforce.ibmcloud.com/vulnerabilities/81550 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 20EXPL: 0CVE-2012-6431
https://notcve.org/view.php?id=CVE-2012-6431
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string. Symfony v2.0.20 antes de v2.0.x no procesa los datos de URL codificadas consistentemente dentro de los componentes de seguridad y enrutado, lo que permite a atacantes remotos evitar las restricciones de acceso a URIs a través de una cadena doblemente codificada. • http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 26EXPL: 0CVE-2012-6432
https://notcve.org/view.php?id=CVE-2012-6432
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring. Symfony v2.0.x antes de v2.0.20, v2.1.x antes de v2.1.5 y v2.2-dev, cuando la configuración de rutas internas está activada, permite a atacantes remotos acceder a los servicios elección a través de vectores relacionados con una subcadena /_internal. • http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 22EXPL: 1CVE-2012-5574
https://notcve.org/view.php?id=CVE-2012-5574
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. lib/form/sfForm.class.php en Symfony CMS anterior a v1.4.20 permite a atacantes remotos leer archivos de su elección a través de una petición de carga manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093698.html http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093920.html http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093922.html http://secunia.com/advisories/51372 http://symfony.com/blog/security-release-symfony-1-4-20-released http://trac.symfony-project.org/changeset/33598 http://www.openwall.com/lists/oss-security/2012/11/26/12 http://www.osvdb.org/87869 http://w • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2012-2667
https://notcve.org/view.php?id=CVE-2012-2667
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes." Vulnerabilidad de fijación de sesión en lib/user/sfBasicSecurityUser.class.php en SensioLabs Symfony antes de v1.4.18 permite a atacantes remotos secuestrar sesiones web a través de vectores relacionados con el método 'regenerate' y "clases de sesión de respaldo de base de datos" no especificadas. • http://secunia.com/advisories/49312 http://symfony.com/blog/security-release-symfony-1-4-18-released http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG http://www.openwall.com/lists/oss-security/2012/06/04/1 http://www.openwall.com/lists/oss-security/2012/06/05/2 http://www.securityfocus.com/bid/53776 https://exchange.xforce.ibmcloud.com/vulnerabilities/76027 •