14 results (0.012 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is ba2f71ad3a46e5949ee0c510b544fa4ea973baaa. • https://github.com/mauriciosoares/ss15-this-is-sparta/commit/ba2f71ad3a46e5949ee0c510b544fa4ea973baaa https://github.com/mauriciosoares/ss15-this-is-sparta/pull/1 https://vuldb.com/?ctiid.217624 https://vuldb.com/?id.217624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions. La extensión Crypt_GPG versiones anteriores a 1.6.7 para PHP, no evita las opciones adicionales en las llamadas GPG, lo que presenta un riesgo para determinados entornos y versiones de GPG • https://github.com/pear/Crypt_GPG/commit/29c0fbe96d0d4063ecd5c9a4644cb65a7fb7cc4e https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 9.8EPSS: 8%CPEs: 15EXPL: 0

PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression. PEAR HTML_AJAX 0.3.0 hasta la versión 0.5.7 tiene una vulnerabilidad de Inyección de objetos PHP en el PHP Serializer. Permite la ejecución remota de código. • http://blog.pear.php.net/2017/02/02/security-html_ajax-058 http://karmainsecurity.com/KIS-2017-01 http://seclists.org/fulldisclosure/2017/Feb/12 http://www.securityfocus.com/bid/96044 https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5acb5adcd195f9a06b732794cb0de7620def646 https://pear.php.net/bugs/bug.php?id=21165 •

CVSS: 6.8EPSS: 3%CPEs: 2EXPL: 1

Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023. Vulnerabilidad de inyección de argumento en Mail/sendmail.php en Mail package v1.1.14, v1.2.0b2, y probablemente otras versiones para PEAR permite a atacantes remotos leer y escribir archivos de su elección a través del parámetro $recipients manipulado y probablemente otros parámetros, una vulnerabilidad diferente que CVE-2009-4023. • http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html http://pear.php.net/bugs/bug.php?id=16200 http://secunia.com/advisories/37458 http://www.debian.org/security/2009/dsa-1938 http://www.openwall.com/lists/oss-security/2009/11/23/8 http://www.openwall.com/lists/oss-security/2009/11/28/2 http://www.securityfocus.com/bid/37395 https://bugs.gentoo.org/show_bug.cgi?id=294256 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1

Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111. Vulnerabilidad de inyección de argumento en la implementación sendmail del método Mail::Send (Mail/sendmail.php) en el paquete Mail v1.1.14 para for PEAR, permite a atacantes remotos leer y escribir ficheros de su elección a través de un parámetro $from, es un vector distinto a CVE_2009-4111. • http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html http://pear.php.net/bugs/bug.php?id=16200 http://pear.php.net/bugs/bug.php?id=16200&edit=12&patch=quick-fix&revision=1241757412 http://secunia.com/advisories/37410 http://secunia.com/advisories/37458 http://svn.php.net/viewvc/pear/packages/Mail/trunk/Mail/sendmail.php?r1=243717&r2=280134 http://www.debian.org/security/2009/dsa-1938 http://www.openwall.com/lists/oss-security/2009/11/23/8 http • CWE-94: Improper Control of Generation of Code ('Code Injection') •