CVE-2017-5934
CVE-2017-5934 affects MoinMoin GUI editor’s link dialogue prior to version 1.9.10, where input sanitization weaknesses allow remote XSS. The issue arises in the GUI editor’s link dialogue, enabling an attacker to inject arbitrary script/HTML via unspecified vectors. Public references across advis...
SemCMS foreign trade website php version we***.php file has SQL injection vulnerability
SemCms is an open source website management system for foreign trade enterprises, compatible with IE, Firefox, Google, 360 and other mainstream browsers. The SemCms PHP version is written in PHP, combined with Apache, in a Windows or Linux system to run...
[SECURITY] Fedora 26 Update: php-7.1.17-1.fc26
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Cross site scripting
Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter...
Cross-site Scripting (XSS)
Dolibarr is vulnerable to cross-site scripting (XSS) attacks. The QUERYSTRING parameter is not escaped for pages being called with ajax. This allows attackers to inject and execute arbitrary web script...
Google Maps Plugin Cross-Site Scripting Vulnerability in Joomla!
Joomla! Google Maps is a Joomla! module or component that displays Google Maps on one or more content pages. A cross-site scripting vulnerability in the Joomla! Google Maps plugin allows remote attackers to inject arbitrary web script or HTML via xmlns parameters...
Microsoft Exchange Server Cross-Site Scripting Vulnerability (CNVD-2017-15997)
Microsoft Exchange Server is a set of e-mail service programs from Microsoft, which provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A cross-site scripting vulnerability exists in Microsoft Exchange Server that stems from Microsoft Exchange Outlook Web Acce...
PHP 'gd_gif_in.c' Memory Corruption Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A memory corruption vulnerability exists in PHP 'gd_gif_in.c'. An attacker could exploit this vulnerability to achieve a denial of service or caus...
PHP 'wddx.c' Null Pointer Reference Denial of Service Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...
PHP wddx module release re-reference vulnerability
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A heap block release dereference vulnerability exists in the php_wddx_push_element function of the PHP wddx module, which could allow a remote attacker to execute arbitrary co...
UBUNTU-CVE-2016-7416
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via ...
PHP 'mbc_to_code()' Function Stack Buffer Overflow Vulnerability
PHP is an open source general-purpose computer scripting language. A stack buffer overflow vulnerability exists in the PHP 'mbc_to_code()' function, which allows an attacker to exploit the vulnerability to execute arbitrary code in the context of an affected application, or a failed attack will resul...
PHP: sets environmental variable based on user supplied Proxy request header
It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request...
UBUNTU-CVE-2016-6297
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL...
The vulnerability of the PHP interpreter allows a remote attacker to gain access to memory areas beyond the application’s boundaries, or cause the application to terminate abnormally.
The vulnerability is in the mconvert function in softmagic.c, part of the PHP interpreter's Fileinfo component: under certain copy scenarios, an error occurs in the pointer to the field that stores the length of the string. As a result, a malicious actor can gain access to memory areas...
CVE-2016-1222
CVE-2016-1222 affects Kobe Beauty’s php-contact-form, where a cross-site scripting (XSS) vulnerability exists in versions prior to 2016-05-18. The issue allows an attacker to inject arbitrary script or HTML through a crafted URI (CWE-79). Public sources (JVN/JVNDB) classify the impact as arbitrar...
UBUNTU-CVE-2015-8879
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain...
PHP GD Component Denial of Service Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. GD is one of its graphics extension library components. A denial of service vulnerability exists in the GD componen...
PHP pcntl_exec() function security bypass vulnerability
PHP is a general-purpose web programming language. The PHP pcntl_exec function accepts null values in paths and is vulnerable to a security bypass vulnerability. A remote attacker can submit special values to bypass security controls on path values...