33 matches found
Astra Linux - vulnerability in php8.1, php7.3
In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, and 8.4.* before 8.4.10, some functions like fsockopen lack validation to ensure that the supplied hostname does not contain null characters. This may cause other functions like parse_url to handle the hostname differently,...
CVE-2026-6141
The CVE-2026-6141 entry affects danielmiessler Personal_AI_Infrastructure up to version 2.3.0, targeting an unknown function in Skills/Parser/Tools/parse_url.ts. The vulnerability allows remote OS command injection via manipulation of that function. The exploit has been publicly disclosed, and a ...
CVE-2026-6141 danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection
A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005377)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005377 advisory. In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen lack validation that the hostname suppli...
Linux Distros Unpatched Vulnerability : CVE-2025-1220
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen lack validation that the hostname...
CVE-2025-1220 Null byte termination in hostnames
In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url treat the hostname in different way, thus openin...
CVE-2017-7569
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037...
SUSE: Security Advisory (SUSE-SU-2021:0124-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2021:0126-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for php7 (openSUSE-SU-2021:0101-1)
The remote host is missing an update for the...
CVE-2021-27329
Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names...
Server side request forgery (ssrf)
Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names...
CVE-2021-27329
The issue CVE-2021-27329 affects Friendica 2021.01 and is described as a server-side request forgery (SSRF) vulnerability. The root cause involves parsing a URL parameter parse_url?binurl= which can trigger DNS lookups or HTTP requests to arbitrary domain names. This was reported across multiple ...
Friendica code issue vulnerability
Friendica is an application for the German Friendica community. Provides decentralized social networking. A server-side request forgery vulnerability exists in Friendica version 2021.01. The vulnerability stems from allowing DNS lookups and HTTP requests for arbitrary domains via parse_url?binurl=...
openSUSE Security Update : php7 (openSUSE-2021-101)
This update for php7 fixes the following issue: - CVE-2020-7071: Fixed an insufficient filter in parse_url that accepted URLs with invalid userinfo (bsc#1180706). This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package...
Security update for php7 (moderate)
openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2021:0101-1 Rating: moderate References: 1180706 Cross-References: CVE-2020-7071 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for php7 fixes t...
SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2021:0124-1)
This update for php7 fixes the following issue: CVE-2020-7071: Fixed an insufficient filter in parse_url that accepted URLs with invalid userinfo (bsc#1180706). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
SUSE SLES12 Security Update : php74 (SUSE-SU-2021:0126-1)
This update for php74 fixes the following issue: CVE-2020-7071: Fixed an insufficient filter in parse_url that accepted URLs with invalid userinfo (bsc#1180706). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
SUSE-SU-2021:0125-1 Security update for php72
This update for php72 fixes the following issue: - CVE-2020-7071: Fixed an insufficient filter in parse_url that accepted URLs with invalid userinfo (bsc#1180706)...
PHP 7.0.x < 7.0.13 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.13. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the parse_url function due to returning the incorrect host. An unauthenticated, remote attacker can exploit this to hav...