Lucene search
K

185 matches found

Hacker One
Hacker One
added 2021/03/06 5:33 p.m.173 views

U.S. General Services Administration: PHP info page disclosure

phpinfo is a debug functionality that prints out detailed information on both the system and the PHP configuration. Step to reproduce: Go here: https://mysmartplans.gsa.gov/phpinfo.php An attacker can obtain information such as: Exact PHP version. Exact OS and its version. Details of the PHP...

1.1AI score
Exploits0
OSV
OSV
added 2020/10/07 4:15 p.m.7 views

CVE-2020-24246

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files /filemanager/php/connector.php from Web Admin...

7.5CVSS7.1AI score0.01281EPSS
Exploits1References2
NVD
NVD
added 2020/10/07 4:15 p.m.27 views

CVE-2020-24246

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files /filemanager/php/connector.php from Web Admin...

7.5CVSS0.01281EPSS
Exploits1References2
Prion
Prion
added 2020/10/07 4:15 p.m.22 views

Design/Logic Flaw

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files /filemanager/php/connector.php from Web Admin...

5CVSS7.6AI score0.01281EPSS
Exploits1References2Affected Software55
Cvelist
Cvelist
added 2020/10/07 3:10 p.m.25 views

CVE-2020-24246

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files /filemanager/php/connector.php from Web Admin...

7.7AI score0.01281EPSS
Exploits1References2
NVD
NVD
added 2020/06/01 5:15 p.m.19 views

CVE-2014-8939

Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information full path via an include/smarty/plugins/modifier.dateformat.php request if PHP has a non-recommended configuration that produces warning messages...

5.3CVSS5.2AI score0.01368EPSS
Exploits1References1
Prion
Prion
added 2020/06/01 5:15 p.m.19 views

Cross site request forgery (csrf)

Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information full path via an include/smarty/plugins/modifier.dateformat.php request if PHP has a non-recommended configuration that produces warning messages...

4.3CVSS6.8AI score0.01368EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/06/01 4:25 p.m.19 views

CVE-2014-8939

Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information full path via an include/smarty/plugins/modifier.dateformat.php request if PHP has a non-recommended configuration that produces warning messages...

5.2AI score0.01368EPSS
Exploits1References1
Veracode
Veracode
added 2020/04/10 12:13 a.m.25 views

Arbitrary Code Execution

squirrelmail is vulnerable to arbitrary code execution. A local file disclosure flaw was found in the way SquirrelMail loads plugins. If registerglobals is on and magicquotesgpc is off, it became possible for an unauthenticated remote user to view the contents of arbitrary local files the web...

7.5CVSS2.5AI score0.47196EPSS
Exploits2References206Affected Software1
Hacker One
Hacker One
added 2020/02/25 6:52 p.m.23 views

U.S. Dept Of Defense: phpinfo() disclosure info

hi security team i found subdoamins avalibale file phpinfo PoC:- https://█████████/phpinfo.php Impact An attacker can obtain information such as: •Exact PHP version. •Exact OS and its version. •Details of the PHP configuration. •Internal IP addresses. •Server environment variables. •Loaded PHP...

0.5AI score
Exploits0
NVD
NVD
added 2019/08/01 3:15 p.m.20 views

CVE-2016-10851

cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface SEC-84...

5.4CVSS5.3AI score0.00636EPSS
Exploits0References2
OSV
OSV
added 2019/08/01 3:15 p.m.6 views

CVE-2016-10851

cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface SEC-84...

5.4CVSS5.8AI score0.00636EPSS
Exploits0References2
Prion
Prion
added 2019/08/01 3:15 p.m.14 views

Design/Logic Flaw

cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface SEC-84...

3.5CVSS6.3AI score0.00636EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/08/01 2:48 p.m.47 views

CVE-2016-10851

cPanel/WHM vulnerability CVE-2016-10851 affects cPanel before 11.54.0.4, allowing self-XSS in the WHM PHP Configuration editor (SEC-84). Root cause details aren’t specified beyond the self XSS indication. Impact is limited to the editor’s interface and user interaction, with no explicit exploitat...

5.4CVSS5.3AI score0.00636EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/01 2:48 p.m.29 views

CVE-2016-10851

cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface SEC-84...

5.3AI score0.00636EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/04/02 5:34 p.m.50 views

Mail.ru: Source code disclosure

PHP configuration file was available for download on few terrhq.ru subdomains...

1.4AI score
Exploits0
Debian
Debian
added 2019/02/27 1:58 p.m.117 views

[SECURITY] [DLA 1692-1] phpmyadmin security update

Package : phpmyadmin Version : 4:4.2.12-2+deb8u5 CVE ID : CVE-2019-6799 Debian Bug : 920823 An information leak issue was discovered in phpMyAdmin. An attacker can read any file on the server that the web servers user can access. This is related to the mysql.allowlocalinfile PHP configuration. Wh...

5.9CVSS5.7AI score0.15586EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/01/26 5:29 p.m.26 views

CVE-2019-6799

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...

5.9CVSS6.6AI score0.15586EPSS
Exploits0References5
NVD
NVD
added 2019/01/26 5:29 p.m.17 views

CVE-2019-6799

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...

5.9CVSS5.5AI score0.15586EPSS
Exploits0References3
Prion
Prion
added 2019/01/26 5:29 p.m.18 views

Code injection

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...

4.3CVSS5.7AI score0.15586EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder