CVE-2024-7457
- EPSS 0.03%
- Published 10.06.2025 23:19:47
- Last modified 12.06.2025 16:06:20
The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights() using its own privile...
CVE-2024-32231
- EPSS 2.64%
- Published 15.08.2024 18:15:19
- Last modified 10.07.2025 15:42:03
Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter.
CVE-2008-4590
- EPSS 0.41%
- Published 16.10.2008 18:00:01
- Last modified 09.04.2025 00:30:58
Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php.
CVE-2008-4080
- EPSS 1.34%
- Published 15.09.2008 15:14:07
- Last modified 09.04.2025 00:30:58
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.ph...
CVE-2008-4081
- EPSS 2.26%
- Published 15.09.2008 15:14:07
- Last modified 09.04.2025 00:30:58
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.