Lucene search
K

115 matches found

Tenable Nessus
Tenable Nessus
added 2020/02/28 12:0 a.m.57 views

Amazon Linux AMI : php72 (ALAS-2020-1346)

The version of php72 installed on the remote host is prior to 7.2.27-1.20. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1346 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...

9.1CVSS7.1AI score0.08888EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2020/02/28 12:0 a.m.52 views

Amazon Linux AMI : php73 (ALAS-2020-1347)

The version of php73 installed on the remote host is prior to 7.3.14-1.23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1347 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...

9.1CVSS7.1AI score0.08888EPSS
Exploits2References5
Cvelist
Cvelist
added 2020/02/27 8:25 p.m.19 views

CVE-2020-7063 Files added to tar with Phar::buildFromIterator have all-access permissions

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...

5.5CVSS7.4AI score0.01599EPSS
Exploits1References8
AlpineLinux
AlpineLinux
added 2020/02/27 8:25 p.m.37 views

CVE-2020-7061

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...

9.1CVSS7.6AI score0.03976EPSS
Exploits1
OSV
OSV
added 2020/02/17 12:0 a.m.54 views

DSA-4626-1 php7.3 - security update

Bulletin has no description...

9.1CVSS7.5AI score0.08888EPSS
Exploits5
UbuntuCve
UbuntuCve
added 2020/02/10 8:15 a.m.53 views

CVE-2020-7060

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbflfiltconvbig5wchar to read past the allocated buffer. This may lead to information disclosur...

9.1CVSS6.8AI score0.08888EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/02/10 12:0 a.m.296 views

Amazon Linux AMI : php72, php73 (ALAS-2020-1339)

The version of php72 installed on the remote host is prior to 7.2.26-1.19. The version of php73 installed on the remote host is prior to 7.3.13-1.22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1339 advisory. In PHP versions 7.2.x below 7.2.26, 7.3.x belo...

9.8CVSS7.2AI score0.08818EPSS
Exploits5References13
Tenable Nessus
Tenable Nessus
added 2020/01/24 12:0 a.m.54 views

PHP 7.3.x < 7.3.13 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is prior to 7.2.26, 7.3.x prior to 7.3.13, or 7.4.x prior to 7.4.1. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in link and DirectoryIterator class due to imprope...

9.8CVSS7.7AI score0.08818EPSS
Exploits5References8
Exploit DB
Exploit DB
added 2020/01/13 12:0 a.m.120 views

Chevereto 3.13.4 Core - Remote Code Execution

Exploit Title: Chevereto 3.13.4 Core - Remote Code Execution Date: 2020-01-11 Exploit Author: Jinny Ramsmark Vendor Homepage: https://chevereto.com/ Software Link: https://github.com/Chevereto/Chevereto-Free/releases Version: 1.0.0 Free - 1.1.4 Free, = 3.13.4 Core Tested on: Ubuntu 19.10, PHP 7.3...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2020/01/13 12:0 a.m.113 views

Chevereto 3.13.4 Core Remote Code Execution

Exploit Title: Chevereto 3.13.4 Core - Remote Code Execution Date: 2020-01-11 Exploit Author: Jinny Ramsmark Vendor Homepage: https://chevereto.com/ Software Link: https://github.com/Chevereto/Chevereto-Free/releases Version: 1.0.0 Free - 1.1.4 Free, = 3.13.4 Core Tested on: Ubuntu 19.10, PHP 7.3...

Exploits0
0day.today
0day.today
added 2020/01/13 12:0 a.m.94 views

Chevereto 3.13.4 Core - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Chevereto 3.13.4 Core - Remote Code Execution Exploit Author: Jinny Ramsmark Vendor Homepage: https://chevereto.com/ Software Link: https://github.com/Chevereto/Chevereto-Free/releases Version: 1.0.0 Free - 1.1.4 Free, = 3.13.4...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/01/06 12:0 a.m.14 views

Fedora 30 : drupal7 (2019-5f1a2cc839)

RPM notes : - All docs are now in /usr/share/doc/drupal7/ - All licenses are now in /usr/share/licenses/drupal7/ - Requires have been updated to include all phpcompatinfo extension findings 7.69 Maintenance and security release of the Drupal 7 series. This release fixes security vulnerabilities...

5.7AI score
Exploits0References3
Amazon
Amazon
added 2020/01/06 12:0 a.m.58 views

Medium: oniguruma

Issue Overview: Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. CVE-2019-16163 Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in strlowercasematch in regexec.c.CVE-2019-19246 Affected Packages:...

9.8CVSS7.4AI score0.10539EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2020/01/06 12:0 a.m.12 views

Fedora 31 : drupal7 (2019-4917943339)

RPM notes : - All docs are now in /usr/share/doc/drupal7/ - All licenses are now in /usr/share/licenses/drupal7/ - Requires have been updated to include all phpcompatinfo extension findings 7.69 Maintenance and security release of the Drupal 7 series. This release fixes security vulnerabilities...

5.7AI score
Exploits0References3
Cvelist
Cvelist
added 2019/12/23 2:40 a.m.32 views

CVE-2019-11050 Use-after-free in exif parsing under memory sanitizer

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...

4.8CVSS7.7AI score0.07624EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2019/12/21 12:0 a.m.10 views

PT-2019-4739 · Php +7 · Php +7

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.25 PHP versions 7.3.x through 7.3.12 PHP version 7.4.0 Description: The issue is related to the PHP EXIF extension when parsing EXIF information from an image, for example, via the exif read data function. It is...

9.8CVSS7.6AI score0.9947EPSS
Exploits102References430
Symantec
Symantec
added 2019/12/18 12:0 a.m.96 views

PHP CVE-2019-11047 Heap Buffer Overflow Vulnerability

Description PHP is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. PHP 7.2.x versions prior to 7.2.26, 7.3.x...

0.07473EPSS
Exploits1References2Affected Software1
Packet Storm
Packet Storm
added 2019/12/06 12:0 a.m.226 views

Verot 2.0.3 Remote Code Execution

Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85"; $baseurl = "http://lorempixel.com"; echo "-=Imagejpeg...

0.1AI score0.26184EPSS
Exploits7
exploitpack
exploitpack
added 2019/12/06 12:0 a.m.37 views

Verot 2.0.3 - Remote Code Execution

Verot 2.0.3 - Remote Code Execution Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85"; $baseurl =...

7.5CVSS0.1AI score0.26184EPSS
Exploits7
0day.today
0day.today
added 2019/12/06 12:0 a.m.852 views

Verot 2.0.3 - Remote Code Execution Exploit #RCE

Exploit for php platform in category web applications Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85";...

0.1AI score0.26184EPSS
Exploits7
Rows per page
Query Builder