Lucene search
85 matches found

NVD
added 2026/03/31 9:16 p.m., 1 views

CVE-2026-34733

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...

7.3 CVSS, 0.00027 EPSS
Exploits 1, References 1

RedHat Linux
added 2026/01/26 10:37 a.m., 3 views

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the array_merge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HT_MAX_SIZE due to an integer overflow in the precomputation of element counts using the zend_hash_num_elements function, causi...

8.2 CVSS, 6 AI score, 0.00019 EPSS
Exploits 1, References 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-4455

Malware in sbrugna...

7.5 CVSS, 6.4 AI score, 0.01007 EPSS
Exploits 0, References 7

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-6272

Malware in sbrugna...

6.8 CVSS, 6.4 AI score, 0.07134 EPSS
Exploits 1, References 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2005-3153

Malware in sbrugna...

7.5 CVSS, 6.4 AI score, 0.00479 EPSS
Exploits 1, References 7

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2006-4454

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.00257 EPSS
Exploits 0, References 4

Microsoft CVE
added 2025/10/01 11:10 p.m., 4 views

The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

...

5 CVSS, 7 AI score, 0.00998 EPSS
Exploits 0

Tenable Nessus
added 2025/09/03 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-9119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibl...

9.8 CVSS, 8.3 AI score, 0.00369 EPSS
Exploits 1, References 2

OSV
added 2024/06/07 10:26 p.m., 11 views

GHSA-8XHV-GQM4-3W99 ZendFramework1 Potential Insufficient Entropy Vulnerability

We discovered several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. These random number generators are used in the following method calls: Zend_Ldap_Attribute::createPassword, Zend_Form_Element_Hash::generateHash, Zend_Gdata_HttpClient::filterHttpRequest...

7.5 CVSS, 6.8 AI score
Exploits 0, References 3

Github Security Blog
added 2024/06/07 10:26 p.m., 12 views

ZendFramework1 Potential Insufficient Entropy Vulnerability

We discovered several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. These random number generators are used in the following method calls: Zend_Ldap_Attribute::createPassword, Zend_Form_Element_Hash::generateHash, Zend_Gdata_HttpClient::filterHttpRequest...

6.8 AI score
Exploits 0, References 3, Affected Software 1

Cvelist
added 2023/11/30 5:20 a.m., 7 views

CVE-2023-49087 Validation of SignedInfo

xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree the one that contain...

6.8 CVSS, 7.6 AI score, 0.00205 EPSS
Exploits 1, References 2

Github Security Blog
added 2023/11/28 6:52 p.m., 20 views

Validation of SignedInfo

Validation of an XML Signature requires verification that the hash value of the related XML-document after any optional transformations and/or normalizations matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree the one that contains the DigestValue...

7.5 CVSS, 7 AI score, 0.00205 EPSS
Exploits 1, References 5, Affected Software 2

RedHat Linux
added 2019/08/19 8:42 a.m., 1 views

php: Heap-based buffer over-read in mbstring regular expression functions

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

9.8 CVSS, 7.5 AI score, 0.10503 EPSS
Exploits 1, References 4

OpenVAS
added 2019/01/28 12:0 a.m., 240 views

phpMyAdmin 4.0 <= 4.8.4 Arbitrary File Read Vulnerability (PMASA-2019-1) - Windows

phpMyAdmin is prone to an arbitrary file read vulnerability.

5.9 CVSS, 6.1 AI score, 0.76961 EPSS
Exploits 0, References 1

FreeBSD
added 2019/01/21 12:0 a.m., 30 views

phpMyAdmin -- File disclosure and SQL injection

The phpMyAdmin development team reports: Summary Arbitrary file read vulnerability Description When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. phpMyadmin attempts to block...

2.5 AI score
Exploits 0, References 2

Hacker One
added 2019/01/12 12:46 a.m., 89 views

Internet Bug Bounty: imagecolormatch Out Of Bounds Write on Heap

The link to the PHP bug: https://bugs.php.net/bug.php?id=77270 This is possible to exploit in PHP 7.0.33 and 5.6.39. I used this vulnerability to write a local safe mode bypass exploit. It is possible to write up to 1200 bytes over the boundaries of a buffer allocated in the imagecolormatch...

6.8 CVSS, 9.1 AI score, 0.87883 EPSS
Exploits 7

Tenable Nessus
added 2019/01/09 12:0 a.m., 12 views

PHP 7.0.x < 7.0.16 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.16. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in mysqli.c due to a memory leak. An unauthenticated, remote attacker can exploit this to...

8.6 AI score
Exploits 0, References 1

Tenable Nessus
added 2019/01/09 12:0 a.m., 11 views

PHP 7.1.x < 7.1.2 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.2. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in mysqli.c due to a memory leak. An unauthenticated, remote attacker can exploit this to...

8.6 AI score
Exploits 0, References 1

ThreatPost
added 2018/12/14 6:16 p.m., 5 views

WordPress 5.0 Patched to Fix Serious Bugs

WordPress 5.0 users are being urged to update their CMS software to fix a number of serious bugs. The update WordPress 5.0.1 addresses seven flaws and was issued Thursday, less than a week after WordPress 5.0 was released. The most serious of the flaws is a bug that allows the WordPress “user...

6.4 AI score
Exploits 0, References 6

ATTACKERKB
added 2017/10/06 10:29 p.m., 2 views

CVE-2015-2142

Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for...

8 CVSS, 5.5 AI score, 0.00156 EPSS
Exploits 0, References 3