
23 matches found

NVD
added 2026/05/06 9:16 p.m. · 1 views

CVE-2026-40332

Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...

CVSS 5.3 · EPSS 0.00079
Exploits 0 · References 1
Cvelist
added 2025/12/24 7:27 p.m. · 21 views

CVE-2018-25155 Teradek Slice 7.3.15 Cross-Site Request Forgery via Password Change

Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user...

CVSS 5.1 · EPSS 0.00007
Exploits 2 · References 3
Vulnrichment
added 2025/12/24 7:27 p.m. · 2 views

CVE-2018-25155 Teradek Slice 7.3.15 Cross-Site Request Forgery via Password Change

Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user...

CVSS 5.1 · AI score 6.6 · EPSS 0.00007
Exploits 2 · References 3
CVE
added 2025/12/24 7:27 p.m. · 4 views

CVE-2018-25155

Summary: CVE-2018-25155 affects Teradek Slice 7.3.15 with a cross-site request forgery vulnerability that lets an attacker change the administrator password without proper request validation. An attacker can lure a logged-in user to view a malicious page that auto-submits password-change requests...

CVSS 5.1 · AI score 6.6 · EPSS 0.00007
Exploits 2 · References 3 · Affected Software 1
CNNVD
added 2025/12/24 12:0 a.m. · 2 views

Teradek Slice Security Vulnerability

Teradek Slice is a rackmount video decoder from Teradek. A security vulnerability exists in Teradek Slice version 7.3.15, which stems from vulnerability to a cross-site request forgery attack that could result in a change of the administrator password...

CVSS 5.1 · AI score 6.7 · EPSS 0.00007
Exploits 2 · References 3
OSV
added 2025/09/25 10:18 a.m. · 9 views

RHSA-2025:16667 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.15 security update

Bulletin has no description...

CVSS 8.8 · AI score 7 · EPSS 0.87555
Exploits 4 · References 39
NVD
added 2024/04/15 7:15 a.m. · 9 views

CVE-2023-52144

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager. This issue affects Product Feed Manager: from n/a through 7.3.15...

CVSS 5.5 · AI score 5.5 · EPSS 0.00251
Exploits 0 · References 1
OSV
added 2024/03/06 11:7 a.m. · 34 views

BIT-PHP-2020-7063 Files added to tar with Phar::buildFromIterator have all-access permissions

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...

CVSS 5.5 · AI score 7.3 · EPSS 0.00301
Exploits 1 · References 9
Patchstack
added 2023/12/28 12:0 a.m. · 7 views

WordPress Product Feed Manager Plugin <= 7.3.15 is vulnerable to Directory Traversal

Software: Product Feed Manager; Type: Plugin; Vulnerable versions: <= 7.3.15; Fixed in: 7.3.16; OWASP Top 10: A4: Insecure Design; Classification: Directory Traversal; CVE: CVE-2023-52144; Patch priority: Low; CVSS severity: Low (5.5); Developer: WPFunnels Team; PSID: 19683c0fecc1; Credits: Muhammad Daffa; Required privile...

CVSS 5.5 · AI score 6.5 · EPSS 0.00251
Exploits 0 · References 2 · Affected Software 1
Packet Storm
added 2021/07/27 12:0 a.m. · 277 views

PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection

Exploit Title: PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection; Date: 26/7/2021; Exploit Author: SiLvER | Faisal Alhadlaq; Tested on: PHP Version is 7.3.15-3. This PoC will abuse PHP_SESSION_UPLOAD_PROGRESS then will trigger a race condition to get remote code execution, the script will...

AI score 0.2
Exploits 0
Tenable Nessus
added 2020/02/28 12:0 a.m. · 78 views

PHP 7.3.x < 7.3.15 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is prior to 7.2.28, 7.3.x prior to 7.3.15, or 7.4.x prior to 7.4.3. It is, therefore, affected by multiple vulnerabilities: - A heap buffer overflow exists in phar_extract_file (CVE-2020-7061). - A null pointer dereference...

CVSS 9.1 · AI score 8.2 · EPSS 0.03088
Exploits 3 · References 5
Tenable Nessus
added 2020/02/28 12:0 a.m. · 44 views

Fedora 30 : php (2020-4ea970ebc6)

PHP version 7.3.15 20 Feb 2020 Core: - Fixed bug php71876 Memory corruption htmlspecialchars: charset ' not supported. Nikita - Fixed bug php79146 cscript can fail to run on some systems. clarodeus - Fixed bug php78323 Code 0 is returned on invalid options. Ivan Mikheykin - Fixed bug php76047...

CVSS 9.1 · AI score 7.2 · EPSS 0.03088
Exploits 3 · References 4
Tenable Nessus
added 2020/02/28 12:0 a.m. · 57 views

PHP 7.2.x < 7.2.28 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is prior to 7.2.28, 7.3.x prior to 7.3.15, or 7.4.x prior to 7.4.3. It is, therefore, affected by multiple vulnerabilities: - A heap buffer overflow exists in phar_extract_file (CVE-2020-7061). - A null pointer dereference...

CVSS 9.1 · AI score 8.2 · EPSS 0.03088
Exploits 3 · References 5
NVD
added 2020/02/27 9:15 p.m. · 23 views

CVE-2020-7061

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...

CVSS 9.1 · AI score 7.4 · EPSS 0.03088
Exploits 1 · References 3
OpenVAS
added 2020/02/21 12:0 a.m. · 114 views

PHP 7.3.x < 7.3.15, 7.4.x < 7.4.3 Multiple Vulnerabilities (Feb 2020) - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS 9.1 · AI score 8.5 · EPSS 0.03088
Exploits 3 · References 2
Positive Technologies
added 2020/02/21 12:0 a.m. · 3 views

PT-2020-19365 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.14 PHP versions 7.4.x through 7.4.2 Description: The issue arises when extracting PHAR files on Windows using the phar extension. Certain content inside a PHAR file could lead to a one-byte read past the allocat...

CVSS 9.1 · AI score 6.4 · EPSS 0.03088
Exploits 3 · References 23
seebug.org
added 2018/06/29 12:0 a.m. · 39 views

Teradek Slice 7.3.15 CSRF Change Password Exploit

Summary: Built on the award-winning Cube platform, Slice is a rack mount HEVC / H.264 codec designed to fit seamlessly into your broadcast studio. Like the Cube, Slice encoders and decoders include 3G-SDI and HDMI I/O, Ethernet and WiFi connectivity, and full duplex IFB. Description: The applicati...

AI score 7.3
Exploits 0
seebug.org
added 2018/06/29 12:0 a.m. · 37 views

Teradek T-RAX 7.3.2 (snapshot.cgi) Stream Disclosure

Summary: T-RAX is a high-density enterprise-grade H.264 platform that encodes, decodes, and streams video at broadcast quality. Description: T-RAX suffers from an unauthenticated and unauthorized live stream disclosure when the snapshot.cgi script is called. Vendor: Teradek, LLC - https://www.teradek.co...

AI score 1.2
Exploits 0
seebug.org
added 2018/06/29 12:0 a.m. · 41 views

Teradek Slice 7.3.15 (snapshot.cgi) Stream Disclosure

Summary: Built on the award-winning Cube platform, Slice is a rack mount HEVC / H.264 codec designed to fit seamlessly into your broadcast studio. Like the Cube, Slice encoders and decoders include 3G-SDI and HDMI I/O, Ethernet and WiFi connectivity, and full duplex IFB. Description: Slice suffers...

Exploits 0
seebug.org
added 2018/06/29 12:0 a.m. · 36 views

Teradek Cube 7.3.6 CSRF Change Password Exploit

Summary: Cube packs world-class video quality into a rugged, portable chassis for quick IP video deployments at any location. Each encoder and decoder includes HDMI and 3G-SDI I/O, Ethernet / WiFi connectivity, and full duplex IFB. Description: The application interface allows users to perform...

AI score 7.3
Exploits 0