Lucene search
+L

58 matches found

GithubExploit
GithubExploit
added 2025/05/31 1:39 p.m.459 views

Exploit for Path Traversal in Oxidized_Web_Project Oxidized_Web

CVE-2025-27590 - PoC Exploit Command Injection via Multipart...

9.8CVSS8.2AI score0.26338EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2025/02/14 7:6 a.m.4 views

SUSE CVE-2023-0662

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space...

7.5CVSS7AI score0.01408EPSS
Exploits0References8
OSV
OSV
added 2025/01/14 7:20 p.m.14 views

BIT-PHP-MIN-2023-0662 DoS vulnerability when parsing multipart request body

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space...

7.5CVSS7.8AI score0.01408EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2024/09/02 12:0 a.m.217 views

Hostel Management System 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : hostel management system 1.0 arbitrary file upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
OSV
OSV
added 2024/07/08 4:15 p.m.4 views

CVE-2023-34435

A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packets can lead to arbitrary firmware update. An attacker can provide a malicious file to trigger this vulnerability...

7.2CVSS5.9AI score0.00471EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/06/30 2:0 p.m.6 views

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows when using the built-in HTTP form-based file upload mechanism via the mg_handle_form_request API. Web applications that use the file upload form handler and use parts of the user-controlled filename in the output path are susceptible to directory traversal

...

9.8CVSS7.5AI score0.03138EPSS
Exploits1
Amazon
Amazon
added 2023/12/04 12:0 a.m.10 views

Important: php

Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitsetsetrange during regular expression compilation due to an uninitialized variable from an incorrect state...

9.8CVSS8.2AI score0.06261EPSS
Exploits3
Amazon
Amazon
added 2023/09/13 12:0 a.m.7 views

Important: php

Issue Overview: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS7.3AI score0.01408EPSS
Exploits2
Amazon
Amazon
added 2023/09/13 12:0 a.m.6 views

Important: php

Issue Overview: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS7.3AI score0.01408EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2023/09/13 12:0 a.m.47 views

Amazon Linux 2 : php (ALASPHP8.2-2023-001)

The version of php installed on the remote host is prior to 8.2.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2023-001 advisory. 2023-09-14: CVE-2023-0568 was added to this advisory. In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before...

8.1CVSS7.2AI score0.01408EPSS
Exploits2References8
OSV
OSV
added 2023/09/09 11:5 a.m.5 views

OESA-2023-1622 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8CVSS6.9AI score0.08003EPSS
Exploits6References8
OSV
OSV
added 2023/09/09 11:5 a.m.5 views

OESA-2023-1621 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8CVSS6.9AI score0.08003EPSS
Exploits6References8
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.50 views

EulerOS 2.0 SP8 : php (EulerOS-SA-2023-2196)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. I...

8.1CVSS7.2AI score0.01831EPSS
Exploits2References5
F5 Networks
F5 Networks
added 2023/05/01 7:6 p.m.50 views

K000133753: PHP vulnerability CVE-2023-0662

Security Advisory Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU...

7.5CVSS6.9AI score0.01408EPSS
Exploits0Affected Software12
Mageia
Mageia
added 2023/04/06 9:20 p.m.37 views

Updated libapreq2 packages fix security vulnerability

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. CVE-2022-22728...

7.5CVSS7.6AI score0.04712EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.834 views

Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2023-139)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-139 advisory. In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the passwo...

8.1CVSS7.2AI score0.01408EPSS
Exploits2References8
OSV
OSV
added 2023/02/28 2:18 p.m.4 views

USN-5902-1 php7.2, php7.4, php8.1 vulnerabilities

It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations. CVE-2023-0567 It was discovered that PHP incorrectly handled resolving long paths. A remot...

8.1CVSS6.7AI score0.01408EPSS
Exploits2References4
Mageia
Mageia
added 2023/02/27 8:27 p.m.58 views

Updated php packages fix security vulnerability

The passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. CVE-2023-0567 The core path resolution function allocates a buffer one byte too...

8.1CVSS7.4AI score0.01408EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/02/25 12:0 a.m.38 views

SUSE SLES15: apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc (SUSE-SU-2023:0514-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0514-1 advisory. - CVE-2023-0568: Fixed NULL byte off-by-one in phpcheckspecificopenbasedir bnc1208366. - CVE-2023-0662: Fixed DoS...

8.1CVSS6.7AI score0.01408EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2023/02/25 12:0 a.m.52 views

SUSE SLES12: apache2-mod_php74 / php74 / php74-bcmath / php74-bz2 / etc (SUSE-SU-2023:0515-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0515-1 advisory. - CVE-2023-0568: Fixed NULL byte off-by-one in phpcheckspecificopenbasedir bnc1208366. - CVE-2023-0662: Fixed DoS vulnerability whe...

8.1CVSS6.7AI score0.01408EPSS
Exploits2References10
Rows per page
Query Builder