CVE-2024-49332 – WordPress Giveaway Boost plugin <= 2.1.4 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49332
Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4. The Giveaway Boost plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://patchstack.com/database/vulnerability/giveaway-boost/wordpress-giveaway-boost-plugin-2-1-4-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVE-2024-6584 – Jetpack Boost <= 3.4.6 - Authenticated (Admin+) Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2024-6584
The Jetpack Boost – Website Speed, Performance and Critical CSS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.4.6 via the wp_ajax_boost_proxy_ig AJAX action. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2013-0252
https://notcve.org/view.php?id=CVE-2013-0252
boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes. boost :: locale :: utf :: utf_traits en la biblioteca Boost Boost.Locale en Boost v1.48 hasta v1.52 no detecta correctamente ciertas secuencias UTF-8 inválidaso, lo que podría permitir a atacantes remotos eludir el mecanismo de protección mediante la manipulación de determinados bytes. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699649 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699650 http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099103.html http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099122.html http://www.boost.org/users/news/boost_locale_security_notice.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:065 http://www.openwall.com/lists/oss-security/2013/02/04/2 http://www.securityfocus • CWE-20: Improper Input Validation •
CVE-2008-0171 – boost regular expression memory corruption flaws
https://notcve.org/view.php?id=CVE-2008-0171
regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression. regex/v4/perl_matcher_non_recursive.hpp en la librería de expresiones regulares (también conocido como Boost.Regex) de Boost 1.33 y 1.34 permite a atacantes remotos dependientes de contexto provocar una denegación de servicio (fallo de aserción y caída) mediante una expresión regular inválida. • http://bugs.gentoo.org/show_bug.cgi?id=205955 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/28511 http://secunia.com/advisories/28527 http://secunia.com/advisories/28545 http://secunia.com/advisories/28705 http://secunia.com/advisories/28860 http://secunia.com/advisories/28943 http://secunia.com/advisories/29323 http://secunia.com/advisories/48099 http://svn.boost.org/trac/boost/changeset/42674 http://svn.boost • CWE-20: Improper Input Validation •
CVE-2008-0172 – boost regular expression NULL dereference flaw
https://notcve.org/view.php?id=CVE-2008-0172
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. La función get_repeat_type en basic_regex_creator.hpp de la librería de expresiones regulares (también conocido como Boost.Regex) de Boost 1.33 y 1.34 permite a atacantes remotos dependientes de contexto provocar una denegación de servicio (referencia nula y caída) mediante una expresión regular inválida. • http://bugs.gentoo.org/show_bug.cgi?id=205955 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/28511 http://secunia.com/advisories/28527 http://secunia.com/advisories/28545 http://secunia.com/advisories/28705 http://secunia.com/advisories/28860 http://secunia.com/advisories/28943 http://secunia.com/advisories/29323 http://secunia.com/advisories/48099 http://svn.boost.org/trac/boost/changeset/42674 http://svn.boost • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •