210 matches found
CVE-2023-52262
outdoorbits little-backup-box aka Little Backup Box before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input...
Number withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. This CVE number has been withdrawn...
Juniper Networks Junos OS EX security vulnerability
Juniper Networks Junos OS EX is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS EX, which is caused by a PHP external variab...
SUSE CVE-2003-1302
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters...
SUSE CVE-2007-1886
Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow."...
SUSE CVE-2009-3546
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different...
SUSE CVE-2010-1864
The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature...
SUSE CVE-2010-2225
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function...
SUSE CVE-2010-4645
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU...
PHP security vulnerability
PHP is a scripting language that executes on the server side. A privilege design vulnerability exists in the Chocolatey PHP package v8.1.12 and below, which originates from all users in the Authenticated users group having write access to the subfolder C:\tools\php81 and all files in that folder,...
PT-2022-17348
Name of the Vulnerable Software and Affected Versions: Duplicator WordPress plugin versions prior to 1.4.7. Description: The issue concerns the lack of authentication or authorization for visitors, allowing them to view sensitive system information, including server software, PHP version, and the fu...
fenom security vulnerability
fenom is a lightweight and fast PHP template engine. fenom 2.12.1 and earlier versions are vulnerable to code injection, which stems from a failure to properly filter the construct command special characters, commands, etc. in the getTemplateCode function of fenom/src/Fenom/Template.php, which ca...
CVE-2022-25495
The component /jqueryfileupload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file...
USN-5303-1 php7.4, php8.0 vulnerability
It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code...
Sensio Labs Twig code injection vulnerability
Sensio Labs Twig is a PHP template engine from the French company Sensio Labs that supports custom tags and filters and the creation of DSLs. Sensio Labs Twig is vulnerable to injection, which can be exploited by attackers to run arbitrary PHP functions...
elFinder security vulnerability
elFinder is an open source AJAX file manager based on the Drupal platform. The product provides multiple file uploads, image scaling and other features. A security vulnerability exists in elFinder 2.1.47 and earlier versions, which stems from a command injection vulnerability in the program's P...
CVE-2021-20076
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization...
CVE-2021-20076
CVE-2021-20076 affects Tenable.sc and Tenable.sc Core versions 5.13.0–5.17.0. The vulnerability allows an authenticated, unprivileged user to achieve Remote Code Execution on the Tenable.sc server through PHP unserialization. The available connected documentation consistently describes the issue ...
Tenable SecurityCenter 5.13.0 - 5.17.0 Remote Code Execution (TNS-2021-03)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is in the 5.13.0 through 5.17.0 version range. Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated,...