
151 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2015-8736

Malware in sbrugna...

10 CVSS | 9.3 AI score | 0.02155 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-36064

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.0021 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2016-4184

Malicious code in bioql PyPI...

9.8 CVSS | 9.3 AI score | 0.11333 EPSS
Exploits 1 | References 7
RedhatCVE
added 2025/05/22 6:54 a.m. | 4 views

CVE-2018-18758

Open Faculty Evaluation System 7 for PHP 7 allows submitfeedback.php SQL Injection, a different vulnerability than CVE-2018-18757...

9.8 CVSS | 7.6 AI score | 0.00602 EPSS
Exploits 2 | References 1
OSV
added 2024/06/12 7:39 a.m. | 10 views

BIT-SUITECRM-2024-36407 SuiteCRM unauthenticated user password reset on php7

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is...

6.5 CVSS | 5.3 AI score | 0.0021 EPSS
Exploits 0 | References 2
NVD
added 2024/06/10 5:16 p.m. | 16 views

CVE-2024-36407

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is...

6.5 CVSS | 0.0021 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/06/10 4:38 p.m. | 7 views

CVE-2024-36407 SuiteCRM unauthenticated user password reset on php7

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is...

3.7 CVSS | 7.1 AI score | 0.0021 EPSS
Exploits 0 | References 1
CVE
added 2024/06/10 4:38 p.m. | 51 views

CVE-2024-36407

CVE-2024-36407 (SuiteCRM) : An unauthenticated attacker could trigger a password reset flow to a user due to a vulnerability in SuiteCRM prior to versions 7.14.4 and 8.6.1. The attacker does not obtain the new password, and exploitation depends on password-reset functionality being enabled, with ...

6.5 CVSS | 5.4 AI score | 0.0021 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2024/06/10 4:38 p.m. | 6 views

CVE-2024-36407 SuiteCRM unauthenticated user password reset on php7

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is...

3.7 CVSS | 6.9 AI score | 0.0021 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2024/06/03 12:0 a.m. | 33 views

RHEL 8 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php: Out of bounds access in php_pcre.c:php_pcre_replace_impl (CVE-2017-9118) - php: 1-byte array overrun in...

8.1 CVSS | 8 AI score | 0.06468 EPSS
Exploits 6 | References 7
Github Security Blog
added 2023/09/08 12:17 p.m. | 34 views

Snappy PHAR deserialization vulnerability

Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, the version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper...

9.8 CVSS | 8.3 AI score | 0.11387 EPSS
Exploits 2 | References 6 | Affected Software 1
OSV
added 2023/09/08 12:17 p.m. | 27 views

GHSA-92RV-4J2H-8MJJ Snappy PHAR deserialization vulnerability

Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, the version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper...

9.8 CVSS | 9.7 AI score | 0.01582 EPSS
Exploits 1 | References 7
Friends Of PHP
added 2023/09/06 3:24 p.m. | 22 views

Snappy PHAR deserialization vulnerability

Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, the version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper...

9.8 CVSS | 9.7 AI score | 0.11387 EPSS
Exploits 2 | Affected Software 1
wpexploit
added 2023/03/27 12:0 a.m. | 122 views

WP Meta SEO < 4.5.5 - Author+ PHAR Deserialization

The plugin does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution. 1. Use a WordPress instance...

8.8 CVSS | 8.9 AI score | 0.09508 EPSS
Exploits 2 | References 1
F5 Networks
added 2023/02/21 8:0 p.m. | 51 views

K95432245: PHP vulnerability CVE-2016-5768

Security Advisory Description Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application...

9.8 CVSS | 9.2 AI score | 0.20989 EPSS
Exploits 1 | Affected Software 23
F5 Networks
added 2023/02/21 7:4 p.m. | 39 views

K05918709: PHP vulnerability CVE-2016-7479

Security Advisory Description In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. CVE-2016-7479 Impact There is no impact; F5...

9.8 CVSS | 9.3 AI score | 0.21629 EPSS
Exploits 1
Kitploit
added 2023/02/09 11:30 a.m. | 32 views

C99Shell-PHP7 - PHP 7 And Safe-Build Update Of The Popular C99 Variant Of PHP Shell

C99Shell-PHP7 PHP 7 and safe-build Update of the popular C99 variant of PHP Shell. c99shell.php v.2.0 PHP 7 25.02.2019 Updated by: PinoyWH1Z for PHP 7 About C99Shell An excellent example of a web shell is the c99 variant, which is a PHP shell most of them calls it malware often uploaded to a...

7.8 AI score
Exploits 0 | References 2
Tenable Nessus
added 2022/11/19 12:0 a.m. | 57 views

SUSE SLES15 Security Update : php7 (SUSE-SU-2022:4067-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4067-1 advisory. - An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process...

9.8 CVSS | 8.8 AI score | 0.94053 EPSS
Exploits 96 | References 106
EUVD
added 2022/05/14 3:27 a.m. | 1 view

EUVD-2016-8332

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution...

9.8 CVSS | 9.1 AI score | 0.21629 EPSS
Exploits 1 | References 12
Tenable Nessus
added 2022/02/23 12:0 a.m. | 66 views

Ubuntu 16.04 ESM : PHP vulnerabilities (USN-5300-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5300-1 advisory. It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. CVE-2015-9253,...

9.8 CVSS | 7.2 AI score | 0.04586 EPSS
Exploits 7 | References 7