Page 9 of 50 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. British Columbia Institute of Technology CodeIgniter 3.1.3 es vulnerable a la inyección de cabeceras HTTP en la función común set_status_header() en Apache, provocando errores de inyección de cabeceras HTTP. • https://www.codeigniter.com/userguide3/changelog.html#version-3-1-4 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0

system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. system/libraries/Email.php en CodeIgniter en versiones anteriores 3.1.3 permite a atacantes remotos ejecutar código arbitrario aprovechando el control sobre el campo email->from para insertar argumentos de linea de comando sendmail. • http://www.securityfocus.com/bid/96851 https://gist.github.com/Zenexer/40d02da5e07f151adeaeeaa11af9ab36 https://github.com/bcit-ci/CodeIgniter/issues/4963 https://github.com/bcit-ci/CodeIgniter/pull/4966 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes. CodeIgniter antes de la versión 3.0 y Kohana 3.2.3 y anteriores y en versiones 3.3.x hasta la 3.3.2 facilita que los atacantes remotos suplanten cookies de sesión y lleven a cabo ataques de inyección de objetos PHP. Esto se realizaría por medio de operadores estándar de comparación de strings para comparar hashes criptográficos. • https://www.exploit-db.com/exploits/36264 http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html http://seclists.org/fulldisclosure/2014/May/54 https://github.com/kohana/core/pull/492 https://scott.arciszewski.me/research/full/php-framework-timing-attacks-object-injection http://www.seagate.com/au/en/support/external-hard-drives/network-storage/business-storage-2-bay-nas https://beyondbinary.io/advisory/seagate-nas-rce • CWE-310: Cryptographic Issues •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available. CodeIgniter en versiones anteriores a la 2.2.0 facilita que los atacantes descodifiquen cookies de sesión aprovechando un fallback a una combinación de cifrado personalizada basada en XOR cuando la extensión Mcrypt para PHP no está disponible. • https://www.exploit-db.com/exploits/36264 http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html https://beyondbinary.io/articles/seagate-nas-rce https://codeigniter.com/userguide2/changelog.html https://www.dionach.com/blog/codeigniter-session-decoding-vulnerability http://www.seagate.com/au/en/support/external-hard-drives/network-storage/business-storage-2-bay-nas https://beyondbinary.io/advisory/seagate-nas-rce • CWE-310: Cryptographic Issues •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks. EllisLab CodeIgniter versión 2.1.2, permite a atacantes remotos omitir el Filtro xss_clean() y llevar a cabo ataques de tipo XSS. CodeIgniter version 2.1.1 suffers from a cross site scripting filter bypass vulnerability. • https://www.exploit-db.com/exploits/37521 http://www.securityfocus.com/bid/54620 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •