CVE-2024-7457
- EPSS 0.14%
- Veröffentlicht 10.06.2025 23:19:47
- Zuletzt bearbeitet 15.04.2026 00:35:42
The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights() using its own privile...
CVE-2024-32231
- EPSS 1.18%
- Veröffentlicht 15.08.2024 18:15:19
- Zuletzt bearbeitet 10.07.2025 15:42:03
Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter.
CVE-2008-4590
- EPSS 0.97%
- Veröffentlicht 16.10.2008 18:00:01
- Zuletzt bearbeitet 16.06.2026 22:58:07
Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php.
CVE-2008-4080
- EPSS 3.11%
- Veröffentlicht 15.09.2008 15:14:07
- Zuletzt bearbeitet 16.06.2026 22:57:08
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.ph...
CVE-2008-4081
- EPSS 2.56%
- Veröffentlicht 15.09.2008 15:14:07
- Zuletzt bearbeitet 16.06.2026 22:57:08
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.