Lucene search
K

185 matches found

OSV
OSV
added 2019/01/26 5:29 p.m.27 views

CVE-2019-6799

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...

5.9CVSS6.5AI score
Exploits0References3
Drupal
Drupal
added 2018/08/08 12:0 a.m.15 views

PHP Configuration - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-055

This module enables you to add or overwrite PHP configuration on a drupal website. The module doesn't sufficiently allow access to set these configurations, leading to arbitrary PHP configuration execution by an attacker. This vulnerability is mitigated by the fact that an attacker must have a ro...

6.8AI score
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2018/06/27 12:0 a.m.24 views

PHPinfo Information Disclosure

Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo' for debugging purposes, and various PHP applications may also include such a file by default. By accessing it, a remote attacker can discover a large amount of information about the remote...

7.2AI score
Exploits0References1
FreeBSD
FreeBSD
added 2018/06/21 12:0 a.m.95 views

phpmyadmin -- remote code inclusion and XSS scripting

The phpMyAdmin development team reports: Summary XSS in Designer feature Description A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name. Severity We consider this attack to be of...

1.7AI score
Exploits0References2
Hacker One
Hacker One
added 2016/09/05 5:28 p.m.26 views

Boozt Fashion AB: PHP info page disclosure on http://www.day.dk/

Hi, Boozt team. Description: phpinfo is a debug functionality that prints out detailed information on both the system and the PHP configuration. Step to reproduce: 1. Go to http://www.day.dk/check.php An attacker can obtain information such as: •Exact PHP version. •Exact OS and its version...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2016/02/02 12:0 a.m.23 views

phpMyAdmin Information Disclosure Vulnerability

phpMyAdmin is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3CVSS5AI score0.02197EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/01/29 12:0 a.m.40 views

FreeBSD : phpmyadmin -- Full path disclosure vulnerability in SQL parser (78b4ebfb-c60b-11e5-bf36-6805ca0b3d42)

The phpMyAdmin development team reports : By calling a particular script that is part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider this vulnerability...

5.3CVSS6.3AI score0.02033EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/01/29 12:0 a.m.25 views

FreeBSD : phpmyadmin -- Multiple full path disclosure vulnerabilities (740badcb-c60b-11e5-bf36-6805ca0b3d42)

The phpMyAdmin development team reports : By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to...

5.3CVSS6.4AI score0.02383EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2016/01/28 12:0 a.m.126 views

phpmyadmin -- Full path disclosure vulnerability in SQL parser

The phpMyAdmin development team reports: By calling a particular script that is part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider this vulnerability ...

5.3CVSS2.3AI score0.02033EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/01/28 12:0 a.m.28 views

phpmyadmin -- Multiple full path disclosure vulnerabilities

The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to ...

5.3CVSS1.4AI score0.02383EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/12/25 12:0 a.m.26 views

phpMyAdmin -- path disclosure vulnerability

The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to ...

5.3CVSS5.9AI score0.02197EPSS
Exploits0References1
myhack58
myhack58
added 2015/06/27 12:0 a.m.62 views

PHP security issues: a remote overflow, DoS, safe_mode bypass vulnerability-vulnerability warning-the black bar safety net

One, the Web serversecurity PHP actually but is the Web server of a module function, so the first thing to ensure Web Server Security. Of course Web server to be secure and must be first to ensure the system safe, so you pull away, endless. PHP can be and various The Web server binding, also here...

0.6AI score
Exploits0
OSV
OSV
added 2015/03/30 10:59 a.m.3 views

UBUNTU-CVE-2013-6501

The default soap.wsdlcachedir setting in 1 php.ini-production and 2 php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the getsdl...

4.6CVSS6.8AI score0.00578EPSS
Exploits0References3
Kitploit
Kitploit
added 2014/09/09 2:11 a.m.16 views

PHP Secure Configuration Checker - Check current PHP configuration for potential security flaws

Among the most tedious tasks of PHP security testing is the check for insecure PHP configuration. As a successor of our PHP Security Poster, we have created a script to help system administrators as well as security professionals to assess the state of php.ini and related topics as quickly and as...

7.4AI score
Exploits0References1
OwnCloud
OwnCloud
added 2014/07/03 6:17 p.m.39 views

Session Fixation - ownCloud

Due to authenticating a user without invalidating any existing session identifier an attacker has the opportunity to steal authenticated sessions. A successful exploit requires that PHP is configured to accept session parameters via GET. Affected Software ownCloud Server 6.0.2 CVE-2014-2047 Actio...

6.8CVSS6.1AI score0.0129EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/07/03 2:0 a.m.59 views

Server: Session Fixation

Due to authenticating a user without invalidating any existing session identifier an attacker has the opportunity to steal authenticated sessions. A successful exploit requires that PHP is configured to accept session parameters via GET. For more information please consult the official advisory...

6.8CVSS6.1AI score0.0129EPSS
Exploits0Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.45 views

citrix xencenterweb (xss/sql/rce) Multiple Vulnerabilities

No description provided by source. Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: http://www.citrix.com Authors: Alberto Trivero...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

TaskFreak! <= 0.6.1 - Remote SQL Injection Vulnerability

No description provided by source. | | |--.-----.| .-----.' |.---.-.----.-----.--| | | | | | -|| -- | -| || | | -| | || |||||/||| |.|||| TheDefaced.org TheDefaced Security Team Presents An 0-day. TaskFreak! SQL Injection Product: TaskFreak!/Discovered in ==0.6.1 Vuln: Remote SQL Injection...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Moodle <= 1.6dev SQL Injection / Command Execution Exploit

No description provided by source. ?php moodle16devxpl.php 4.19 10/11/2005 Moodle = 1.6dev get record SQL injection / / remote commands execution by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! make these changes in php.ini if you have troubl...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.70 views

suPHP <= 0.7 'suPHP_ConfigPath' Safe Mode Restriction-Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/33073/info suPHP is prone to a 'safemode' restriction-bypass vulnerability. Successful exploits may allow attackers to bypass arbitrary PHP configuration options, including the 'safemode' setting. This vulnerability would...

7.1AI score
Exploits0
Rows per page
Query Builder