SUSE CVE-2012-2311

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that contain a %3D sequence but no = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options i...

SUSE CVE-2012-2336

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing command-line options...

TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C 8.2 Problem TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In combination with the TypoScript setting...

GHSA-R4F8-F93X-5QH3 TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C 8.2 Problem TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In combination with the TypoScript setting...

TYPO3 8.7.0 < 8.7.51 ELTS / 9.0.0 < 9.5.40 ELTS / 10.0.0 < 10.4.36 / 11.0.0 < 11.5.23 / 12.0.0 < 12.2.0 XSS (TYPO3-CORE-SA-2023-001)

The version of TYPO3 installed on the remote host is prior to 8.7.0 8.7.51 ELTS / 9.0.0 9.5.40 ELTS / 10.0.0 10.4.36 / 11.0.0 11.5.23 / 12.0.0 12.2.0. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-001 advisory. - TYPO3 core component...

Mageia: Security Advisory (MGASA-2018-0222)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2015-0365)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2016-0159)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-5149

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs...

Default configuration

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs...

CVE-2019-5149

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs...

Code injection

cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler SEC-142...

CVE-2016-10802

CVE-2016-10802 affects cPanel prior to 58.0.4, allowing code execution in the context of other user accounts through the PHP CGI handler (SEC-142). Connected sources confirm the vendor advisory and a fixed version (58.0.4); no exploitation details are provided in the documents. Recommended action...

CVE-2016-10802

cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler SEC-142...

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

Arbitrary Code Execution

php-cgi is susceptible to arbitrary code execution. An attacker can inject arbitrary script because it does not properly handle the query strings without an = equals sign character, leading to malicious code execution with the privileges of the PHP interpreter...

Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2501-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2501-1 advisory. Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a...

UBUNTU-CVE-2014-9427

sapi/cgi/cgimain.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a character and lacks a newline character, whi...

Internet Bug Bounty: out of bounds read crashes php-cgi

I found and disclosed CVE-2014-9427 to the PHP dev team on 17 December 2014 https://bugs.php.net/bug.php?id=68618 and a patch was committed on 30 December 2014 http://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35 and the flaw is now fixed. Details of the flaw:...

Apache/NGINX 下 PHP-FPM 或者 PHP-CGI 拒绝服务漏洞

使用标准cable/DSL连接，这种攻击可以使用标准的HTTP请求占满一台Linux web服务器的CPU和内存。这种攻击影响使用PHP-CGI或PHP-FPM（包含WordPress站点在内）解析PHP动态内容的Apache或者NGINX web服务器。另外，这种攻击制造的请求将会在攻击后的较长时间内继续占用服务器资源。 0 全版本 暂无 ?php !/usr/bin/php / File: phpstress.php Written by: d4rk0 / @d4rk0s Concept by: Vinny Troia / @VinnyTroia Night Lion Securit...