[SECURITY] Fedora 43 Update: drupal7-7.103-1.fc43

Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...

Mautic Docker Image 安全漏洞

Mautic Docker Image is a Mautic open source Docker image for Mautic. A security vulnerability exists in Mautic Docker Image that stems from exposing the PHP version via the X-Powered-By header, which could lead to server fingerprinting...

CVE-2024-11050

A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be...

CE Phoenix Cart Security Vulnerability

CE Phoenix Cart is a free, open source e-commerce shopping cart software from CE Phoenix Cart Open Source. A security vulnerability exists in CE Phoenix Cart v1.0.8.20, which originates from a Remote Code Execution RCE vulnerability in component /admin/definelanguage.php...

Important: php8.1

Issue Overview: GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE:...

CLSA-2022-1650575892 Update of php 5.3: Remove mariadb102 patch to eliminate faulty functionality

Remove mariadb102 patch to eliminate faulty functionality...

PT-2022-17010 · Php · Crypt Gpg

Name of the Vulnerable Software and Affected Versions: Crypt GPG extension for PHP versions prior to 1.6.7 Description: The issue concerns the Crypt GPG extension for PHP, where it fails to prevent additional options in GPG calls. This poses a risk for certain environments and GPG versions...

CVE-2020-35272

Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting XSS in the Admin Portal in the Task and Description fields...

PHPProbid 5.24 Lang.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22374/info PHPProbid is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlyi...

php: LCG entropy weakness

The Linear Congruential Generator LCG in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function...