exploit the possibilities
Showing 1 - 21 of 21 RSS Feed

Files

SensioLabs Symfony 3.3.6 Cross Site Scripting
Posted Jun 9, 2018
Authored by HaMM0nz

SensioLabs Symfony version 3.3.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-12040
MD5 | c2146dcabb8e4fbb8941ce5b5e3b88e5

Related Files

Debian Security Advisory 4573-1
Posted Nov 19, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4573-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization.

tags | advisory, php, vulnerability, code execution
systems | linux, debian
advisories | CVE-2019-18887, CVE-2019-18888, CVE-2019-18889
MD5 | acccbf4720ec0e008144ea8d17fd7c82
Debian Security Advisory 4441-1
Posted May 10, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4441-1 - Multiple vulnerabilities were discovered in the Symfony PHP framework which could lead to cache bypass, authentication bypass, information disclosure, open redirect, cross-site request forgery, deletion of arbitrary files, or arbitrary code execution.

tags | advisory, arbitrary, php, vulnerability, code execution, info disclosure, csrf
systems | linux, debian
advisories | CVE-2018-14773, CVE-2018-19789, CVE-2018-19790, CVE-2019-10909, CVE-2019-10910, CVE-2019-10911, CVE-2019-10912, CVE-2019-10913
MD5 | 3994cc57d484b31139739cf58d57a4a5
Pimcore Unserialize Remote Code Execution
Posted Apr 29, 2019
Authored by Daniele Scanu, Fabio Cogno | Site metasploit.com

This Metasploit module exploits a PHP unserialize() in Pimcore before 5.7.1 to execute arbitrary code. An authenticated user with "classes" permission could exploit the vulnerability. The vulnerability exists in the "ClassController.php" class, where the "bulk-commit" method makes it possible to exploit the unserialize function when passing untrusted values in "data" parameter. Tested on Pimcore 5.4.0-5.4.4, 5.5.1-5.5.4, 5.6.0-5.6.6 with the Symfony unserialize payload. Tested on Pimcore 4.0.0-4.6.5 with the Zend unserialize payload.

tags | exploit, arbitrary, php
advisories | CVE-2019-10867
MD5 | 79730eefdd4acca72b854fb1e724225e
Symfony 1.4.17 Database Disclosure
Posted Dec 11, 2018
Authored by KingSkrupellos

Symfony version 1.4.17 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 7fc12be8e2d50839a3299488ede26593
Debian Security Advisory 4262-1
Posted Aug 6, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4262-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to open redirects, cross-site request forgery, information disclosure, session fixation or denial of service.

tags | advisory, denial of service, php, vulnerability, info disclosure, csrf
systems | linux, debian
advisories | CVE-2016-2403, CVE-2017-1665, CVE-2017-16653, CVE-2017-16654, CVE-2017-16790, CVE-2018-11385, CVE-2018-11386, CVE-2018-11406
MD5 | 9d90561cb123024abe81fc4647a6aff3
Symfony Remote Information Disclosure
Posted Jul 27, 2018
Authored by Abdeljalil Nouiri

Symfony versions prior to 2.7.13 suffer from a remote information disclosure vulnerability when app_dev is enabled.

tags | exploit, remote, info disclosure
MD5 | 24ccf4690feb930cce80b458f01201c7
Symfony PdoSessionHandler Denial Of Service
Posted May 25, 2018
Authored by Federico Stange

Symfony versions 2.7.0 up to but not including 4.0.10 suffer from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 4a5da39e598d6b9e2c67117935f6ce7c
Debian Security Advisory 3588-1
Posted May 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3588-1 - Two vulnerabilities were discovered in Symfony, a PHP framework.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2016-1902, CVE-2016-4423
MD5 | d28d63e37452477f21005869bbc23747
Symfony PHP Framework Session Fixation
Posted Dec 22, 2015
Site redteam-pentesting.de

Symfony PHP Framework versions 2.3.0 to 2.3.34, 2.6.0 to 2.6.11, and 2.7.0 to 2.7.6 suffers from a session fixation vulnerability.

tags | exploit, php
MD5 | 138f42db20a47c0774b33edb77b6c610
Debian Security Advisory 3402-1
Posted Nov 24, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3402-1 - Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2015-8124, CVE-2015-8125
MD5 | 87cef841360eff0c5369cdebb0a0f455
Debian Security Advisory 3276-1
Posted Jun 1, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3276-1 - Jakub Zalas discovered that Symfony, a framework to create websites and web applications, was vulnerable to restriction bypass. It was affecting applications with ESI or SSI support enabled, that use the FragmentListener. A malicious user could call any controller via the /_fragment path by providing an invalid hash in the URL (or removing it), bypassing URL signing and security rules.

tags | advisory, web
systems | linux, debian
advisories | CVE-2015-4050
MD5 | d753c425fb7ec9c9fafe60d201d34957
Gentoo Linux Security Advisory 201405-25
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-25 - A vulnerability in Symfony may allow remote attackers to read arbitrary files. Versions less than 1.4.20 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2012-5574
MD5 | 0d53830a03c7c7ab229d741ed8313ce4
Secunia Security Advisory 51980
Posted Jan 29, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Symfony, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
MD5 | 5efd6b89cfa6fd27671986f099442833
Secunia Security Advisory 51662
Posted Jan 2, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Symfony, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | 2207a3ecbc0d7f31866bba2952b5837d
Secunia Security Advisory 51660
Posted Jan 2, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Symfony, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | ae6aa5316a53fd6ec577a6e3165243b2
Secunia Security Advisory 51372
Posted Nov 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Symfony, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
MD5 | 7b5a98fa91585bd9ab130889abbf8463
swfupload_f8.swf Cross Site Scripting
Posted Nov 21, 2012
Authored by MustLive

swfupload_f8.swf suffers from a cross site scripting vulnerability. Affected systems are TinyMCE, Squeeze Documents for SPIP, Upload Manager for Radiant CMS, AionWeb, Liferay Portal (Community Edition, which earlier was called Standard Edition, and Enterprise Edition), SurgeMail, and symfony.

tags | exploit, xss
MD5 | fc2153033bdfe782f1329e95b4ce1f9c
Secunia Security Advisory 49312
Posted Jun 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Symfony, which can be exploited by malicious people to conduct session fixation attacks.

tags | advisory
MD5 | 7164676bc3ad23466a8885ae6f187c29
Secunia Security Advisory 48170
Posted Mar 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sense of Security has discovered a vulnerability in Symfony, which can be exploited by malicious people to potentially disclose sensitive information.

tags | advisory
MD5 | bc06cd705f21f84c0e63f3297d6d8bb2
Symfony 2 Unauthenticated Information Disclosure
Posted Mar 5, 2012
Authored by Phil Taylor | Site senseofsecurity.com.au

The XMLEncoder component of Symfony version 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system. Any application written in Symfony2 that parses user supplied XML is affected.

tags | exploit, arbitrary
MD5 | 25422ac3ad1a1e33468748e7c50a4469
sfWpCumulusPlugin For Symphony Cross Site Scripting
Posted Mar 16, 2011
Authored by MustLive

sfWpCumulusPlugin for Symfony suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c1906c3979b7599a25de515974a9372d
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    13 Files
  • 30
    Oct 30th
    8 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close