Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

11 – 20 of 31 results

CVE-2018-16831

Medium priority

Some fixes available 1 of 2

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.

1 affected packages

smarty3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
smarty3 Not affected Not affected Fixed Not affected
Show less packages

CVE-2017-1000480

Medium priority

Some fixes available 1 of 2

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.

1 affected packages

smarty3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
smarty3 Not affected Not affected Not affected Fixed Vulnerable
Show less packages

CVE-2014-8350

Medium priority
Ignored

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.

4 affected packages

gallery2, moodle, smarty, smarty3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release Not in release
moodle Not affected Not affected
smarty Not in release Not in release
smarty3 Not affected Not affected
Show less packages

CVE-2012-4437

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.

4 affected packages

gallery2, moodle, smarty, smarty3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release
moodle Not affected
smarty Not in release
smarty3 Not affected
Show less packages

CVE-2012-4277

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script...

1 affected packages

smarty3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
smarty3 Not affected
Show less packages

CVE-2012-1066

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in the template module in SmartyCMS 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the title bar.

3 affected packages

gallery2, moodle, smarty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release
moodle Not affected
smarty Not in release
Show less packages

CVE-2010-4727

Low priority
Ignored

Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors.

3 affected packages

gallery2, moodle, smarty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release
moodle Not affected
smarty Not in release
Show less packages

CVE-2010-4726

Low priority
Ignored

Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669.

3 affected packages

gallery2, moodle, smarty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release
moodle Not affected
smarty Not in release
Show less packages

CVE-2010-4725

Low priority
Ignored

Smarty before 3.0.0 RC3 does not properly handle an on value of the asp_tags option in the php.ini file, which has unspecified impact and remote attack vectors.

3 affected packages

gallery2, moodle, smarty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release
moodle Not affected
smarty Not in release
Show less packages

CVE-2010-4724

Low priority
Ignored

Multiple unspecified vulnerabilities in the parser implementation in Smarty before 3.0.0 RC3 have unknown impact and remote attack vectors.

3 affected packages

gallery2, moodle, smarty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release
moodle Not affected
smarty Not in release
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. Next page
Export to JSON