40 matches found

Debian CVE
added 2021/05/19 9:35 p.m. (25 views)

CVE-2021-29625

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...

7.5 CVSS, 6.2 AI score, 0.09572 EPSS
Exploits: 1
Hacker One
added 2020/02/25 6:52 p.m. (23 views)

U.S. Dept Of Defense: phpinfo() disclosure info

Hi security team, I found subdomains available file phpinfo PoC:- https://█████████/phpinfo.php Impact An attacker can obtain information such as: •Exact PHP version. •Exact OS and its version. •Details of the PHP configuration. •Internal IP addresses. •Server environment variables. •Loaded PHP...

0.5 AI score
Exploits: 0
OSV
added 2020/02/17 6:15 p.m. (1 view)

UBUNTU-CVE-2015-0258

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension...

8.8 CVSS, 7.6 AI score, 0.03781 EPSS
Exploits: 3, References: 5
BDU FSTEC
added 2019/12/11 12:0 a.m. (7 views)

The vulnerability of the openregion.security module of the “Open Region” platform, which arises due to insufficient validation of input data, allows attackers to execute arbitrary code or carry out cross-site scripting attacks.

The vulnerability of the “Open Region” platform exists due to insufficient verification of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or perform a cross-site scripting attack by uploading files with extensions .pht, .php7, .php5, .php3, .php4,...

7.5 CVSS, 5.7 AI score
Exploits: 0
Tenable Nessus
added 2019/09/25 12:0 a.m. (16 views)

Debian DLA-1928-1 : php5 security update

An update has been made to php5, a server-side, HTML-embedded scripting language. Specifically, as reported in 805222, the ability to build extensions in certain older versions of PHP within Debian has been hindered by an upstream change which first appeared in PHP 5.6.15. This update applies a f...

5.5 AI score
Exploits: 0, References: 2
OpenVAS
added 2019/09/25 12:0 a.m. (52 views)

Debian: Security Advisory (DLA-1928-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits: 0, References: 3
0day.today
added 2019/02/28 12:0 a.m. (67 views)

Feng Office 3.7.0.5 - Remote Command Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command...

0.1 AI score
Exploits: 0
Tenable Nessus
added 2018/06/27 12:0 a.m. (24 views)

PHPinfo Information Disclosure

Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo' for debugging purposes, and various PHP applications may also include such a file by default. By accessing it, a remote attacker can discover a large amount of information about the remote...

7.2 AI score
Exploits: 0, References: 1
OSV
added 2018/03/01 12:0 a.m. (4 views)

UBUNTU-CVE-2018-7584

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string...

9.8 CVSS, 7.2 AI score, 0.87883 EPSS
Exploits: 3, References: 5
OpenVAS
added 2016/12/07 12:0 a.m. (58 views)

Joomla Alternative PHP File Extensions File Upload and Information Disclosure Vulnerabilities

Joomla is prone to file upload and information disclosure vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8 CVSS, 8.2 AI score, 0.01883 EPSS
Exploits: 2, References: 5
myhack58
added 2016/09/23 12:0 a.m. (18 views)

Drupal 8 configuration file download vulnerability analysis-vulnerability warning-the black bar safety net

Author: p0wd3r, know Chong Yu 404 Security lab. Date: 2016-09-22. 0x00 Vulnerability overview. 1. Vulnerability description: Drupal (https://www.drupal.org) is a free, open source content management system. Researchers recently found three security vulnerabilities in its 8.x 8.1.10 version,...

7.3 AI score
Exploits: 0
Hacker One
added 2016/09/05 5:28 p.m. (26 views)

Boozt Fashion AB: PHP info page disclosure on http://www.day.dk/

Hi, Boozt team. Description: phpinfo is a debug functionality that prints out detailed information on both the system and the PHP configuration. Step to reproduce: 1. Go to http://www.day.dk/check.php An attacker can obtain information such as: •Exact PHP version. •Exact OS and its version...

7 AI score
Exploits: 0
RedHat Linux
added 2015/07/09 5:1 p.m. (3 views)

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

6.5 CVSS, 7.2 AI score, 0.03439 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2015/06/25 8:43 a.m. (2 views)

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

5.3 CVSS, 7.2 AI score, 0.04094 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2015/06/25 8:31 a.m. (2 views)

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

6.5 CVSS, 7.2 AI score, 0.03439 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2015/06/04 8:2 a.m. (3 views)

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

6.5 CVSS, 7.2 AI score, 0.03439 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2015/06/04 8:2 a.m. (2 views)

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

5.3 CVSS, 7.2 AI score, 0.04094 EPSS
Exploits: 1, References: 4
Hacker One
added 2014/06/25 1:43 p.m. (75 views)

Uzbey: Information Disclosure (phpinfo())

URL :- https://staging.uzbey.com/phpinfo.php Description :- phpinfo is a debug functionality that prints out detailed information on both the system and the PHP configuration. An attacker can obtain information such as: •Exact PHP version. •Exact OS and its version. •Details of the PHP...

0.4 AI score
Exploits: 0
securityvulns
added 2011/02/22 12:0 a.m. (94 views)

Re: PHP 5.3.5 grapheme_extract() NULL Pointer Dereference

On Wed, 16 Feb 2011 16:11:23 -0700 cxib wrote: Affected Software: - PHP 5.3.5 grapheme is neither part of PHP core, nor built-in PHP extension, therefore above is false as bug is not in PHP itself. People using PHP 5.3.5 but not using grapheme some distros like Debian and derivatives offer this...

0.9 AI score
Exploits: 0
securityvulns
added 2006/01/13 12:0 a.m. (41 views)

Multiple PHP extensions vulnerabilities

mysqli extension format string vulnerability, session extension session id HTTP response splitting...

0.5 AI score
Exploits: 0, References: 2, Affected Software: 1