13 matches found
[SECURITY] Fedora 43 Update: drupal7-7.103-1.fc43
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...
Mautic Docker Image Security Vulnerability
Mautic Docker Image is the open source Docker image for Mautic. A security vulnerability exists in Mautic Docker Image that stems from exposing the PHP version via the X-Powered-By header, which could lead to server fingerprinting...
CVE-2024-11050
A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be...
CE Phoenix Cart Security Vulnerability
CE Phoenix Cart is a free, open source e-commerce shopping cart software from CE Phoenix Cart Open Source. A security vulnerability exists in CE Phoenix Cart v1.0.8.20, which originates from a Remote Code Execution (RCE) vulnerability in component /admin/definelanguage.php...
Important: php8.1
Issue Overview: GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE:...
The vulnerability of the PHP programming language interpreter, related to privilege management errors, allows attackers to bypass the protection mechanisms defined by open_basedir.
The vulnerability of the PHP programming language interpreter and the SQLite database management system is related to privilege management errors. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms defined by open_basedir...
The vulnerability of the php_zip.c component of the PHP programming language interpreter allows an attacker to execute arbitrary PHP code or cause a service failure.
The vulnerability of the php_zip.c component of the PHP programming language interpreter relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary PHP code or cause a service failure by using specially created serialized data containing a...
CLSA-2022-1650575892 Update of php 5.3: Remove mariadb102 patch to eliminate faulty functionality
Remove mariadb102 patch to eliminate faulty functionality...
PT-2022-17010 · Php · Crypt Gpg
Name of the Vulnerable Software and Affected Versions: Crypt GPG extension for PHP versions prior to 1.6.7 Description: The issue concerns the Crypt GPG extension for PHP, where it fails to prevent additional options in GPG calls. This poses a risk for certain environments and GPG versions...
CVE-2020-35272
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields...
The vulnerability of the libxml2 library and the PHP interpreter allows attackers to trigger a service failure.
The vulnerability of the xsl_ext_function_php function in ext/xsl/xsltprocessor.c in the libxml2 library and the PHP interpreter is related to pointer dereferencing errors. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure dereferencing the null pointer...
PHPProbid 5.24 Lang.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22374/info PHPProbid is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlyi...
php: LCG entropy weakness
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function...