129 matches found
CVE-2026-12116
CVE-2026-12116 affects Xerte Online Toolkits. The vulnerability allows remote code execution by editing the antivirus binary path in the tools server configuration to point to a PHP interpreter, causing any uploaded PHP data to execute. Affected product: Xerte Online Toolkits (open‑source e‑learn...
EUVD-2026-42582
A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed...
Xerte Online Toolkit contains an authentication bypass that allows for RCE
Overview Two vulnerabilities have been discovered in Xerte Online Toolkits, an open-source e-learning authoring toolsuite intended for the creation of learning materials within a web browser. CVE-2026-14261 tracks the persistence of the /setup/ directory after installation, which allows an...
ROS-20250822-23
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks A vulnerability in t...
CVE-2022-24637
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '...
The vulnerabilities of the functions php_libxml_input_buffer_create_filename() and php_libxml_sniff_charset_from_stream() in the PHP interpreter allow a hacker to redirect users to any desired URL address.
The vulnerabilities of the functions phplibxmlinputbuffercreatefilename and phplibxmlsniffcharsetfromstream in the PHP interpreter are related to the use of open redirection. Exploiting these vulnerabilities could allow a malicious actor to redirect users to any desired URL address...
Linux Distros Unpatched Vulnerability : CVE-2017-11144
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing...
The vulnerability of the convert.quoted-printable-decode filter in the PHP programming language interpreter allows a hacker to trigger a service failure.
The vulnerability of the convert.quoted-printable-decode filter in the PHP programming language interpreter is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
ROS-20241015-14
A vulnerability in the PHP programming language interpreter exists due to a failure to take measures to neutralize the special elements. Exploitation of the vulnerability could allow an attacker acting remotely to Affect the confidentiality, integrity, and availability of protected information...
ROS-20241015-11
A vulnerability in the PHP programming language interpreter exists due to a failure to neutralize special elements. special elements. Exploitation of the vulnerability could allow an attacker acting remotely to Affect the confidentiality, integrity, and availability of protected information...
K000141355: Multiple PHP vulnerabilities
Security Advisory Description CVE-2016-4342 ext/phar/pharobject.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact v...
The vulnerability of the PHP programming language interpreter arises from the failure to address the issue of eliminating special elements that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the PHP programming language interpreter exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
ROS-20240816-10
A vulnerability in the PHP programming language interpreter is related to the erroneous handling of cookies due to the replacement of spaces, dots, and open square brackets with underscores. as a result of replacing spaces, periods and open square brackets with underscores. Exploitation...
ROS-20240816-16
A vulnerability in the opensslprivatedecrypt function of the PKCS1 Padding Handler component of the PHP programming language interpreter is related to the use of a version of OpenSSL that incorporates changes from the request. PHP programming language interpreter is related to the use of a versio...
ROS-20240816-11
A vulnerability in the procopen function of the PHP programming language interpreter exists due to a failure to take measures to neutralize special elements used by the operating system. to neutralize special elements used in the operating system command. Exploitation exploitation of the...
ROS-20240730-07
A vulnerability in the PHP interpreter is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to install a standard, unsafe cookie in the victim's browser. insecure cookie...
The vulnerability of the phar_dir_read() function in the PHP interpreter allows a hacker to execute arbitrary code.
The vulnerability of the phardirread function in the PHP interpreter arises due to an overflow in the stack buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Vulnerability of PHP, C++, Swift, and Node.js drivers of the MongoDB database management system, related to the exposure of protected information, allowing attackers to gain unauthorized access to protected information.
Vulnerabilities in PHP, C++, Swift, and Node.js drivers of the MongoDB database management system, as well as the PHP programming language interpreter, can lead to the exposure of protected information. Exploiting these vulnerabilities can allow attackers to gain unauthorized access to protected...
Open Web Analytics 1.7.3 - Remote Code Execution (RCE)
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with ' use exploit/multi/http/openwebanalyticsrce msf...
CVE-2022-40797
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDENUPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...