13 matches found
EUVD-2004-1966
Malware in sbrugna...
EUVD-2004-2036
Malware in sbrugna...
CVE-2021-29625
Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...
openSUSE Security Update : cacti / cacti-spine (openSUSE-2020-654)
This update for cacti, cacti-spine fixes the following issues : cacti-spine and cacti were updated to 1.2.12 : cacti fixes : - CVE-2020-7106: Lack of escaping of color items can lead to XSS exposure boo1163749 - Fix multiple graphing bugs and web UI issues - Fix multiple warnings, PHP Exceptions...
OPENSUSE-SU-2017:3448-1 Security update for phpMyAdmin
This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations bsc1074066, PMASA-2017-09 This update also contains all upstream improvements...
phpMyAdmin Full Path Disclosure Vulnerability
phpmyadmin is an online management tool for MySQL databases. phpmyadmin versions 4.4.x, 4.6.x, 4.0.x are available at . /setup/, . /examples/ are vulnerable to a full path disclosure vulnerability, which can be exploited by an attacker with a constructed script that triggers a PHP error message t...
CVE-2007-1522
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an...
DEBIAN-CVE-2012-3354
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message...
FreeBSD : drupal6 -- multiple vulnerabilities (1acf9ec5-877d-11e0-b937-001372fd0af2)
Drupal Team reports : A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-scree...
SA-CORE-2011-001 - Drupal core - Multiple vulnerabilities
CVE: CVE-2011-2687 Multiple vulnerabilities and weaknesses were discovered in Drupal. Reflected cross site scripting vulnerability in error handler A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a...
drupal6 -- multiple vulnerabilities
Drupal Team reports: A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-screen...
dotProject-2.0.1.txt
dotproject Date: Feb. 14 2006 Vendor: dotproject.net contacted Description: dotProject is a volunteer supported Project Management application. Details: The 'protection.php' script does not properly validate user-supplied input in the 'siteurl' parameter. Some user-supplied input is not checked...
Очередные ошибки во многих PHP-скриптах.
Ошибки неинициализированных глобальных переменных...