PHP CGI v5.3.12/5.4.2 Remote Code Execution

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

CVE-2026-1823

creationtimestamp| type| source ---|---|--- 2026-03-07 07:16:10+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-1823 2026-03-07 09:42:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mghjyeglgb2e...

CVE-2025-1823 IBM Jazz Reporting Service Denial of Service

IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources...

CVE-2025-1823 IBM Jazz Reporting Service Denial of Service

IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources...

MiracleLinux 3 : php-5.1.6-34.0.1.AXS3 (AXSA:2012-548:04)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-548:04 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in...

ECHO-DADF-6239-1823

Bulletin has no description...

Linux Distros Unpatched Vulnerability : CVE-2012-1823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php- cgi, does not properly handle query strings that lack a...

CVE-2020-1824

There are multiple out of bounds OOB read vulnerabilities in the implementation of the Common Open Policy Service COPS protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities...

CVE-2020-1821

There are multiple out of bounds OOB read vulnerabilities in the implementation of the Common Open Policy Service COPS protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities...

CVE-2020-1819

There are multiple out of bounds OOB read vulnerabilities in the implementation of the Common Open Policy Service COPS protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities...

CVE-2020-1823

creationtimestamp| type| source ---|---|--- 2024-12-27 10:08:31+00:00| seen| https://infosec.exchange/users/cve/statuses/113724234844968119 2024-12-27 10:08:31+00:00| seen| https://infosec.exchange/users/cve/statuses/113724234827594674 2024-12-27 11:48:47+00:00| seen| https://t.me/cvedetector/137...

CVE-2024-20107

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09124360; Issue ID: MSV-1823...

CVE-2024-20107

CVE-2024-20107 affects MediaTek MT8676 Da component (MediaTek chipsets). It describes an out-of-bounds read due to a missing bounds check, causing local information disclosure without privileges or user interaction. Patch ALPS09124360/Issue MSV-1823 is referenced in multiple sources (NVD/Red Hat)...

curl: Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities

Vulnerability description not provided...

PHP-CGI OS Command Injection Vulnerability

PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823...

Exploit for OS Command Injection in Php

CVE-2024-4577 This is a PoC for PHP CVE-2024-4577. Introdu...

PHP 8.1.x < 8.1.29 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.29, 8.2.x prior to 8.2.20, or 8.3.x prior to 8.3.8. It is, therefore, affected by multiple vulnerabilities: - An argument Injection in PHP-CGI with a bypass of CVE-2012-1823...

Slackware: Security Advisory (SSA:2024-158-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.29-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: Bypass of CVE-2012-1823, Argument Injection in PHP-CGI...

Slackware Linux 15.0 / current php81 Multiple Vulnerabilities (SSA:2024-158-01)

The version of php81 installed on the remote host is prior to 8.1.29 / 8.3.8. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-158-01 advisory. New php packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...