185 matches found
U.S. General Services Administration: PHP info page disclosure
phpinfo is a debug functionality that prints out detailed information on both the system and the PHP configuration. Step to reproduce: Go here: https://mysmartplans.gsa.gov/phpinfo.php An attacker can obtain information such as: Exact PHP version. Exact OS and its version. Details of the PHP...
CVE-2020-24246
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files /filemanager/php/connector.php from Web Admin...
CVE-2020-24246
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files /filemanager/php/connector.php from Web Admin...
Design/Logic Flaw
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files /filemanager/php/connector.php from Web Admin...
CVE-2020-24246
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files /filemanager/php/connector.php from Web Admin...
CVE-2014-8939
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information full path via an include/smarty/plugins/modifier.dateformat.php request if PHP has a non-recommended configuration that produces warning messages...
Cross site request forgery (csrf)
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information full path via an include/smarty/plugins/modifier.dateformat.php request if PHP has a non-recommended configuration that produces warning messages...
CVE-2014-8939
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information full path via an include/smarty/plugins/modifier.dateformat.php request if PHP has a non-recommended configuration that produces warning messages...
Arbitrary Code Execution
squirrelmail is vulnerable to arbitrary code execution. A local file disclosure flaw was found in the way SquirrelMail loads plugins. If registerglobals is on and magicquotesgpc is off, it became possible for an unauthenticated remote user to view the contents of arbitrary local files the web...
U.S. Dept Of Defense: phpinfo() disclosure info
hi security team i found subdoamins avalibale file phpinfo PoC:- https://█████████/phpinfo.php Impact An attacker can obtain information such as: •Exact PHP version. •Exact OS and its version. •Details of the PHP configuration. •Internal IP addresses. •Server environment variables. •Loaded PHP...
CVE-2016-10851
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface SEC-84...
CVE-2016-10851
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface SEC-84...
Design/Logic Flaw
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface SEC-84...
CVE-2016-10851
cPanel/WHM vulnerability CVE-2016-10851 affects cPanel before 11.54.0.4, allowing self-XSS in the WHM PHP Configuration editor (SEC-84). Root cause details aren’t specified beyond the self XSS indication. Impact is limited to the editor’s interface and user interaction, with no explicit exploitat...
CVE-2016-10851
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface SEC-84...
Mail.ru: Source code disclosure
PHP configuration file was available for download on few terrhq.ru subdomains...
[SECURITY] [DLA 1692-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u5 CVE ID : CVE-2019-6799 Debian Bug : 920823 An information leak issue was discovered in phpMyAdmin. An attacker can read any file on the server that the web servers user can access. This is related to the mysql.allowlocalinfile PHP configuration. Wh...
CVE-2019-6799
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...
CVE-2019-6799
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...
Code injection
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...