2 results (0.001 seconds)

CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 0

CVE-2013-4412

https://notcve.org/view.php?id=CVE-2013-4412

slim has NULL pointer dereference when using crypt() method from glibc 2.17 slim presenta una desreferencia del puntero NULL cuando es usado el método crypt() de glibc versión 2.17. • http://www.openwall.com/lists/oss-security/2013/10/09/6 http://www.securityfocus.com/bid/62906 https://access.redhat.com/security/cve/cve-2013-4412 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4412 https://exchange.xforce.ibmcloud.com/vulnerabilities/89675 https://security-tracker.debian.org/tracker/CVE-2013-4412 • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-2171

https://notcve.org/view.php?id=CVE-2015-2171

Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data. Middleware/SessionCookie.php en Slim anterior a 2.6.0 permite a atacantes remotos realizar ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de datos de sesiones manipulados. • http://seclists.org/fulldisclosure/2015/Mar/16 http://www.securityfocus.com/bid/70087 http://www.slimframework.com/2015/03/01/version-260.html https://github.com/slimphp/Slim/issues/1034 • CWE-94: Improper Control of Generation of Code ('Code Injection') •