Lucene search
+L

40 matches found

OSV
OSV
added 2024/05/31 11:8 a.m.3 views

OESA-2024-1669 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

6.5CVSS6.8AI score0.0148EPSS
Exploits1References2
OSV
OSV
added 2024/05/17 11:8 a.m.5 views

OESA-2024-1592 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

6.5CVSS6.8AI score0.0148EPSS
Exploits1References2
OSV
OSV
added 2024/05/17 11:8 a.m.6 views

OESA-2024-1596 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

6.5CVSS6.8AI score0.0148EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/05/15 2:29 a.m.4 views

SUSE CVE-2024-34340

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compatpasswordhash when users set their password. compatpasswordhash use passwordhash if there is it, else use md5. When verifying password, it calls compatpasswordverify. In...

9.1CVSS7AI score0.01119EPSS
Exploits1References5
OSV
OSV
added 2024/05/14 3:38 p.m.2 views

DEBIAN-CVE-2024-34340

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compatpasswordhash when users set their password. compatpasswordhash use passwordhash if there is it, else use md5. When verifying password, it calls compatpasswordverify. In...

9.1CVSS8.4AI score0.01119EPSS
Exploits1References1
OSV
OSV
added 2024/05/14 3:38 p.m.3 views

UBUNTU-CVE-2024-34340

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compatpasswordhash when users set their password. compatpasswordhash use passwordhash if there is it, else use md5. When verifying password, it calls compatpasswordverify. In...

9.1CVSS7.3AI score0.01119EPSS
Exploits1References4
Amazon
Amazon
added 2024/05/13 12:0 a.m.5 views

Important: php8.1

Issue Overview: The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cook...

6.5CVSS7.2AI score0.49336EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.3 views

PT-2024-25797 · Cacti +3 · Cacti +3

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. The issue lies in the compat password verify function, where md5-hashed user input is compared with the correct password in t...

9.8CVSS6.3AI score0.99826EPSS
Exploits132References199
OSV
OSV
added 2024/04/29 4:15 a.m.10 views

AZL-40061 CVE-2024-3096 affecting package php for versions less than 8.3.6-1

In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, if a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true...

6.5CVSS6.4AI score0.0148EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.3 views

PHP 安全漏洞

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP where a password stored using the passwordhash function begins with a null byte x00, and testing a blank string as the password via the passwordverify function will incorrectly return true. the...

6.5CVSS5.4AI score0.0148EPSS
Exploits1References6
OSV
OSV
added 2024/04/25 5:27 p.m.10 views

CLSA-2024-1714066065 Fix CVE(s): CVE-2024-3096

SECURITY UPDATE: improper handling of user input vulnerability - debian/patches/CVE-2024-3096.patch: Disallow null character in bcrypt password to prevent passwordverify from erroneously returning true - CVE-2024-3096...

6.5CVSS6.4AI score0.0148EPSS
Exploits1References1
OSV
OSV
added 2024/04/16 12:0 a.m.4 views

UBUNTU-CVE-2024-3096

In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, if a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true...

6.5CVSS6.3AI score0.0148EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/10/19 1:19 p.m.4 views

php: Password_verify() always return true with some hash

A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid...

8.1CVSS7.4AI score0.00944EPSS
Exploits1References5
Amazon
Amazon
added 2023/09/13 12:0 a.m.7 views

Important: php

Issue Overview: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS7.3AI score0.01408EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2023/03/01 8:15 a.m.4 views

CVE-2023-0567

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS6.6AI score0.00944EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/02/15 12:0 a.m.5 views

UBUNTU-CVE-2023-0567

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS6.6AI score0.00944EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/02/15 12:0 a.m.143 views

Slackware Linux 15.0 / current php Multiple Vulnerabilities (SSA:2023-045-02)

The version of php installed on the remote host is prior to 7.4.33 / 8.0.28 / 8.1.16. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-045-02 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function...

8.1CVSS7.2AI score0.01408EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2023/01/05 12:0 a.m.4 views

PT-2023-9407 · Php +10 · Php +10

Name of the Vulnerable Software and Affected Versions: PHP versions 8.0.0 through 8.0.27 PHP versions 8.1.0 through 8.1.15 PHP versions 8.2.0 through 8.2.2 Description: The issue is related to the password verification function in PHP, which may accept some invalid Blowfish hashes as valid. If su...

9.8CVSS6.8AI score0.3786EPSS
Exploits76References188
BDU FSTEC
BDU FSTEC
added 2022/04/15 12:0 a.m.8 views

The vulnerability of the /cloud_config/router_post/check_reset_pwd_verify_code function in TP-LINK’s WR-886N router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the /cloudconfig/routerpost/checkresetpwdverifycode function in TP-LINK’s WR-886N router software arises due to buffer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

10CVSS8.3AI score0.01755EPSS
Exploits1References3
CNVD
CNVD
added 2016/10/24 12:0 a.m.2 views

PHP 'password_verify()' function out-of-bounds read denial of service vulnerability

PHP is a popular general-purpose scripting language that is particularly well suited for web development. A denial of service vulnerability exists in the PHP 'passwordverify' function. An attacker can exploit this vulnerability to cause a denial of service...

6.5AI score
Exploits0References1
Rows per page
Query Builder