WordPress Popup Maker Plugin Has Unspecified Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Popup Maker is a popup window plugin used in it. A security vulnerability exists in WordPress Popup Maker plugin versions...

vBulletin Remote Code Execution Vulnerability

vBulletin is a business forum program developed and marketed by Internet Brands and vBulletin Solutions. A remote code execution vulnerability exists in vBulletin, which can be exploited by an attacker to inject and execute arbitrary PHP code...

SugarCRM UpgradeWizard Module PHP Object Injection Vulnerability

SugarCRM is a set of open source customer relationship management software . A PHP object injection vulnerability exists in the UpgradeWizard module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to inject custom PHP code...

SugarCRM Administration Module PHP Code Injection Vulnerability

SugarCRM is a set of open source customer relationship management software . A PHP code injection vulnerability exists in the Administration module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to execute arbitrary code...

ML Code Injection Vulnerability

Discuz!ML is an open source community forum system based on the Discuz!X engine. A security vulnerability exists in Discuz!ML version 3.2 to 3.4. A remote attacker can exploit this vulnerability to execute arbitrary PHP code...

USN-4009-2 php5 vulnerabilities

USN-4009-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly decoding certain MIME headers. A remote attacker could possibly use this issue to cause PHP t...

PHP EXIF Extended Buffer Overflow Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems.EXIF extension is one of the...

UBUNTU-CVE-2019-11040

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...

baigoStudio baigoSSO Code Injection Vulnerability

baigoStudio baigoSSO is a single sign-on system. A security vulnerability exists in baigoStudio baigoSSO v3.0.1. The vulnerability can be exploited by a remote attacker to execute arbitrary PHP code via the site name field in the base configuration...

HuCart has a file upload vulnerability

HuCart is a PHP+Mysql based enterprise building system CMS that can run on various server platforms such as Linux and Windows. HuCart has a file upload vulnerability that can be exploited by attackers to upload arbitrary files...

PHP Denial of Service Vulnerability (CNVD-2019-00335)

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A security vulnerability exists in th...

LAOBANCMS Arbitrary PHP Code Execution Vulnerability

Laoban CMS LAOBANCMS content management system is based on PHP + MYSQL environment developed by the old class of open-source website building system . LAOBANCMS 2.0 has an arbitrary PHP code execution vulnerability. Remote attackers can install/ URI through the host parameter to exploit the...

s-cms SQL Injection Vulnerability

s-cms is a content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in s-cms 3.0. A remote attacker can exploit the vulnerability by providing the '0id' parameter to the member/post.php file or POST data to the member/memberlogin.php file to log into the system...

UBUNTU-CVE-2018-14883

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exifthumbnailextract of exif.c...

PHP GD Graphics Library Denial of Service Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community.GD Graphics Library also known as libgd or libgd2 is an open source library for dynamically creating images developed by American software...

Trend Micro OfficeScan Information Disclosure Vulnerability

Trend Micro OfficeScan is a best-of-breed endpoint security solution for mid-sized and large organizations, with a future-proof, resilient architecture that allows you to customize your threat protection and data protection through plug-ins. An information disclosure vulnerability exists in Trend...

Arbitrary file download vulnerability in EasyAdmin /application/index/controller/index.php page

EasyAdmin is a free and open source community program based on the LayUI template, with a ThinkPHP5 framework for backend support. An arbitrary file download vulnerability exists in the EasyAdmin /application/index/controller/index.php page. An attacker can download system configuration files by...

Code Execution Vulnerability in ESPCMS

ESPCMS is an enterprise website management system built on LAMP development. A code execution vulnerability exists in ESPCMS. An attacker can exploit this vulnerability to execute arbitrary php statements...

CMS Made Simple Upload Vulnerability (CNVD-2017-24997)

CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A security vulnerability exists in CMSMS version...

PHP Information Disclosure Vulnerability (CNVD-2017-22594)

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability exists in PHP versions prior to 5.6.31, 7.x prior to 7.0.21, and 7.1.x prior to 7.1.7, which stems from a lack of bound...