33 matches found
CVE-2018-1000888
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with $v_header['filename'] as parameter, such as file_exists, is_file, is_dir, etc. When extract is called without a specific prefix path, we can trigger...
DRUPAL-CONTRIB-2018-001
This module enables content editors to create complex pages and layouts on the fly without the help from a developer, using reusable widgets. The module does not sufficiently filter values posted to its AJAX endpoint, which leads to the instantiation of an arbitrary PHP class. This vulnerability ...
Stacks - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-001
This module enables content editors to create complex pages and layouts on the fly without the help from a developer, using reusable widgets. The module does not sufficiently filter values posted to its AJAX endpoint, which leads to the instantiation of an arbitrary PHP class. This vulnerability ...
PHPMailer PwnScriptum Remote Code Execution
Added: 01/05/2017. BID: 95108. Background: PHPMailer is a PHP class used for sending email from PHP. It is used by many open-source projects, e.g., WordPress, Drupal, and Joomla. Problem: PHPMailer class mailSend function is vulnerable to command injection due to failure to properly sanitize the...
DLA-357-1 libphp-snoopy - security update
Bulletin has no description...
DSA-3248-1 libphp-snoopy - security update
Bulletin has no description...
IIS latest high-risk vulnerability (CVE-2015-1635, MS15-034): PoC and online detection source - vulnerability warning - the black bar safety net
HTTP.sys remote code execution vulnerability (CVE-2015-1635, MS15-034). A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys does not correctly parse specially crafted HTTP requests. Successful exploitation of...
XSS Vulnerability in Active Calendar 1.2.0
XSS Vulnerability in Active Calendar 1.2.0. Discovered by Martin Barbella. Description of Vulnerability: Active Calendar is a PHP class that generates calendars (year, month or week view) as an HTML table (XHTML-valid). From:...
Active Calendar 1.2.0 Cross Site Scripting
XSS Vulnerability in Active Calendar 1.2.0. Discovered by Martin Barbella. Description of Vulnerability: Active Calendar is a PHP class that generates calendars (year, month or week view) as an HTML table (XHTML-valid). From: http://micronetwork.de/activecalendar/index.php I...
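Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability
BUGTRAQ ID: 31887. CNCAN ID: CNCAN-2008102405. Snoopy is a PHP class that simulates a web browser. Snoopy 'httpsrequest' has an input validation problem that remote attackers can exploit to execute arbitrary commands with the privileges of the application. No detailed vulnerability information is currently available. Snoopy Snoopy 1.2.3 Snoopy Snoopy 1.2.1 Snoopy Snoopy 1.2 Snoopy Snoopy 1.0 1 Snoopy Snoopy 0.94 Snoopy Snoopy 0.93 Snoopy Snoopy 0.92 Snoopy Snoopy 0.91 Upgrade:...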
DBeSession102.txt
GulfTech Security Research, February 11, 2006. Vendor: Lawrence Osiris. URL: http://www.phpclasses.org/browse/package/1624.html. Version: DBeSession 1.0.2. Risk: SQL Injection. Description: DBeSession is a feature-packed PHP class that stores the session data in a MySQL database rather than files. ...
PHP Manpage lookup directory transversal / file disclosing
Hi ppl, Manpage Lookup is a PHP class that helps you to build a "manpage" frontend in PHP. It is powered by Andy (http://php.amnuts.com). The script class.manpagelookup.php was vulnerable to a directory traversal bug because of leaks in input validation that could lead to disclose any readable by...
manpage.txt
Hi ppl, Manpage Lookup is a PHP class that helps you to build a "manpage" frontend in PHP. It is powered by Andy (http://php.amnuts.com). The script class.manpagelookup.php was vulnerable to a directory traversal bug because of leaks in input validation that could lead to disclose any readable by...