Lucene search
K

89 matches found

Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.16 views

Fedora 17 : php-pecl-radius-1.2.7-1.fc17 (2013-11992)

Version 1.2.7 - Fix a security issue in radiusgetvendorattr by enforcing checks of the VSA length field against the buffer size. Adam Version 1.2.6 - Support added for PHP 5.4 and 5.5. Johannes - Fixed bug 60885 Radius module causing Apache segmentation fault. Adam - Fixed a crash when calling...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.13 views

Fedora 19 : php-pecl-radius-1.2.7-1.fc19 (2013-11911)

RPM change : - provide the ZTS extension Version 1.2.7 - Fix a security issue in radiusgetvendorattr by enforcing checks of the VSA length field against the buffer size. Adam Version 1.2.6 - Support added for PHP 5.4 and 5.5. Johannes - Fixed bug 60885 Radius module causing Apache segmentation...

5.8AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/07/03 12:0 a.m.17 views

k2, 2.6.6, Open Folder Permissions

k2, Open folder permissions developer notice http:/getk2.org/blog/1432-k2-v267-released-akismet-integrated-new-acl-option-improved-php-54-support...

0.2AI score
Exploits0References2Affected Software1
NVD
NVD
added 2013/06/21 9:55 p.m.25 views

CVE-2013-4636

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service invalid pointer dereference and application crash via an MP3 file that triggers incorrect MIME type detection during access to an finfo object...

4.3CVSS6.5AI score0.01975EPSS
Exploits0References2
NVD
NVD
added 2013/06/21 9:55 p.m.20 views

CVE-2013-4635

Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service application hang via a large argument to the jdtojewish function...

5CVSS6.5AI score0.0423EPSS
Exploits0References9
Prion
Prion
added 2013/06/21 9:55 p.m.20 views

Design/Logic Flaw

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service invalid pointer dereference and application crash via an MP3 file that triggers incorrect MIME type detection during access to an finfo object...

4.3CVSS7.1AI score0.01975EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2013/06/21 9:0 p.m.36 views

CVE-2013-4636

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service invalid pointer dereference and application crash via an MP3 file that triggers incorrect MIME type detection during access to an finfo object...

5.7AI score0.01975EPSS
Exploits0References2
CVE
CVE
added 2013/06/21 9:0 p.m.98 views

CVE-2013-4636

CVE-2013-4636 affects PHP 5.4.x prior to 5.4.16. The vulnerability is in the mget function of libmagic/softmagic.c (Fileinfo) and allows remote denial of service via an MP3 file that triggers incorrect MIME type detection when accessing a finfo object. Impact is DoS (invalid pointer dereference a...

4.3CVSS5.6AI score0.01975EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2013/06/21 9:0 p.m.46 views

CVE-2013-4636

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service invalid pointer dereference and application crash via an MP3 file that triggers incorrect MIME type detection during access to an finfo object...

4.3CVSS6.5AI score0.01975EPSS
Exploits0
0day.today
0day.today
added 2013/02/27 12:0 a.m.23 views

Wordpress Comment Rating Plugin 2.9.32 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Wordpress plugin: Comment Rating SQL injection Google Dork: Date: 21/02/2013 Exploit Author: ebanyu Url Author: www.ebanyu.com.ar Vendor Homepage: wealthynetizen.com Software Link:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2013/02/27 12:0 a.m.35 views

WordPress Plugin Comment Rating 2.9.32 - Multiple Vulnerabilities

Exploit Title: Wordpress plugin: Comment Rating SQL injection Google Dork: Date: 21/02/2013 Exploit Author: ebanyu Url Author: www.ebanyu.com.ar Vendor Homepage: wealthynetizen.com Software Link: http://wealthynetizen.com/wordpress-plugin-comment-rating/ Version: 2.9.32 Tested on: Fedora 18 + mys...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2013/02/13 12:0 a.m.34 views

OpenEMR 4.1.1 Shell Upload

?php / OpenEMR 4.1.1 ofcuploadimage.php Arbitrary File Upload Vulnerability Vendor: OpenEMR Product web page: http://www.open-emr.org Affected version: 4.1.1 Summary: OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows,...

7.4AI score
Exploits0
Friends Of PHP
Friends Of PHP
added 2012/11/28 10:4 a.m.15 views

code injection in `Wrapper::buildClientWrapperCode` via manipulation of the `$client` argument

security fix: hardened the Client::send method against misuse of the $method argument issue 81. Abusing its value, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakne...

7.3AI score
Exploits0Affected Software1
Exploit DB
Exploit DB
added 2012/08/27 12:0 a.m.27 views

web@all CMS 2.0 - Multiple Vulnerabilities

web@all CMS 2.0 order SQL Injection Vulnerability Vendor: web@all Product web page: http://www.webatall.org Affected version: 2.0 Summary: web@all is a PHP content management system CMS. If you know about it,you nearly can use it to do anything. Desc: The application suffers from an SQL Injection...

7.4AI score
Exploits0
OwnCloud
OwnCloud
added 2012/08/10 5:4 p.m.46 views

Insufficiently random values - ownCloud

The rand and mtrand functions in PHP 5.4.x do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in ownCloud 4.0.x...

5.1CVSS6.2AI score0.03013EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/08/06 12:0 a.m.20 views

PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow

Binary data 6530.prm...

10CVSS7.3AI score0.10467EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2012/07/20 12:0 a.m.102 views

PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow

According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.5, and is, therefore, potentially affected by an unspecified overflow vulnerability in the function 'phpstreamscandir' in the file 'main/streams/streams.c'. %NASLMINLEVEL 70300 C Tenable Network...

10CVSS8.2AI score0.10467EPSS
Exploits1References2
Cvelist
Cvelist
added 2012/07/07 10:0 a.m.19 views

CVE-2012-2386

Integer overflow in the pharparsetarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow...

8AI score0.42481EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2012/06/15 12:0 a.m.58 views

PHP 5.4.x < 5.4.4 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.4, and as such is potentially affected the following vulnerabilities : - An integer overflow error exists in the function 'pharparsetarfile' in the file 'ext/phar/tar.c'. This error can lead to a...

7.5CVSS8.4AI score0.42481EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2012/05/22 12:0 a.m.21 views

CVE-2012-2386

Integer overflow in the pharparsetarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow...

7.5CVSS7.5AI score0.42481EPSS
Exploits1References4
Rows per page
Query Builder