by The CodePunker
(21 votes) / 8330 users
The **tERMINAL** interprets instructions given through a command line interface simulator. If you want anything from it you will need to type it down. You can start by accessing the help section. To do this type 'man' and then hit Enter/Return. The app is not a real terminal so don't expect to run commands like "
chmod" or "
rm -Rf" ... instead you can try the
yoda or the
do --harlemshake commands :).
The current command sent to the tERMINAL is: "security vulnerabilities time line"
|2019-04-17||An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.||Read More|
|2019-04-17||An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.||Read More|
|2019-04-16||The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.||Read More|
|2019-04-16||SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.||Read More|
|2019-03-31||An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.||Read More|
|2019-03-31||An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.||Read More|
|2019-03-31||An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.||Read More|
|2019-01-04||In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php.||Read More|
|2018-11-05||An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.||Read More|
|2018-10-31||Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.||Read More|
|2018-10-18||SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.||Read More|
|2018-10-18||Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.||Read More|
|2018-10-18||feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php.||Read More|
|2018-10-18||Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.||Read More|
|2018-10-18||PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.||Read More|
|2018-10-17||Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.||Read More|
|2018-10-16||WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.||Read More|
|2018-10-16||SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.||Read More|
|2018-10-09||The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.||Read More|
|2018-10-04||Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.||Read More|