38 matches found
PT-2026-32494
Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing the ineffective extension filtering on the /uploadfile endpoint. Attackers can upload executable files such as .php5 scripts to web-accessible directories and execute th...
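The bypass described above comes down to a blacklist that names ".php" but not the other extensions a typical Apache/mod_php configuration also hands to the interpreter. The following is an added example, not Pachno's code: a blacklist filter of that shape next to an allowlist filter that closes the gap. The file names and MIME strings are constructed sample input, and `weakExtensionFilter`/`safeUploadName` are hypothetical names.

```php
<?php
// Added example, not Pachno's code. Shows an extension blacklist of the kind the
// advisory describes next to an allowlist that closes the gap. File names and
// MIME strings below are constructed; in a real handler the MIME type comes
// from (new finfo(FILEINFO_MIME_TYPE))->file($_FILES['f']['tmp_name']).

// Weak: blocks ".php" but not the alternate extensions that many Apache/mod_php
// configurations also hand to the PHP interpreter (.php5, .phtml, .phar, ...).
function weakExtensionFilter(string $filename): bool
{
    $blocked = ['php', 'exe', 'sh'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $blocked, true);   // true means the upload is accepted
}

// Hardened: exactly one extension, taken from an allowlist, matched against the
// detected content type, and a server-generated name so the client controls
// neither the stored extension nor the path.
function safeUploadName(string $filename, string $detectedMime): ?string
{
    $allowed = [
        'png'  => 'image/png',
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'pdf'  => 'application/pdf',
    ];
    $parts = explode('.', basename($filename));
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;                           // "shell.php5.png", "shell", ".htaccess"
    }
    $ext = strtolower($parts[1]);
    if (!isset($allowed[$ext]) || $allowed[$ext] !== $detectedMime) {
        return null;                           // unknown extension or content disagrees
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples: attacker-style names beside a legitimate image.
$samples = [
    ['shell.php',      'text/x-php'],
    ['shell.php5',     'text/x-php'],          // slips past the blacklist
    ['shell.phtml',    'text/x-php'],
    ['shell.php5.png', 'text/x-php'],          // double extension
    ['photo.png',      'image/png'],
];
foreach ($samples as [$name, $mime]) {
    printf("%-16s blacklist:%-7s allowlist:%s\n", $name,
        weakExtensionFilter($name) ? 'accept' : 'reject',
        safeUploadName($name, $mime) ?? 'reject');
}
```

The allowlist is only half of the fix: whatever passes it should still be written outside the document root, or into a directory where the web server has script execution disabled, so that a mistake in the filter never turns into code execution.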
MiracleLinux 3 : php-5.1.6-45.0.1.AXS3 (AXSA:2014-794:03)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-794:03 advisory. Description : PHP is an HTML-embedded scripting language that allows developers to write dynamically generated web pages. PHP is ideal for writing...
MiracleLinux 4 : php-5.3.3-27.AXS4.2 (AXSA:2014-571:03)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-571:03 advisory. Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP al...
MiracleLinux 3 : php-5.1.6-27.4.0.1.AXS3 (AXSA:2012-35:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-35:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers...
MiracleLinux 4 : php54-php-5.4.40-4.AXS4 (AXSA:2016-620:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-620:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in...
MiracleLinux 7 : php55-php-5.5.21-5.el7 (AXSA:2016-632:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-632:01 advisory. Security issues fixed with this release: CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore...
CVE-2020-36907 Extreme Networks Aerohive HiveOS <=11.x Unauthenticated Remote Denial of Service
Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption...
PT-2025-48117
Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000: an attacker can perform null byte injection in download setting.php to read arbitrary files...
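Null byte injection in a download handler works when user input is glued to a fixed suffix and the resulting string is passed to a C-level open() that stops at the first NUL. The block below is an added example, not the Mozart firmware's code, and assumes nothing about how that handler is written: it spells out the truncation that PHP versions before 5.3.4 performed implicitly (current PHP rejects NUL in paths, so the effect is simulated), and shows the checks a hardened handler makes instead. `$settingsDir`, `legacyResolve` and `safeResolve` are hypothetical names and the request values are constructed.

```php
<?php
// Added example, not the Mozart firmware's code. Shows why a handler that
// appends a fixed suffix to a user-supplied name was readable with a null byte
// on old PHP, and the checks a replacement makes. Inputs are constructed.

$settingsDir = __DIR__ . '/settings';   // assumed storage directory

// Vulnerable shape: PHP < 5.3.4 passed the string to open() unchanged, so
// "../../etc/passwd\0" . ".cfg" opened /etc/passwd. The truncation is spelled
// out here because current PHP refuses paths that contain NUL.
function legacyResolve(string $dir, string $name): string
{
    $path = $dir . '/' . $name . '.cfg';
    $nul = strpos($path, "\0");
    return $nul === false ? $path : substr($path, 0, $nul);   // what open() saw
}

// Hardened: reject NUL, separators and dots by allowlisting the name, then
// confirm the canonical path is still inside the directory. Returns null for a
// rejected name and also when the file does not exist (realpath() fails).
function safeResolve(string $dir, string $name): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;                           // covers "\0", "/", "..", empty
    }
    $real = realpath($dir . '/' . $name . '.cfg');
    $base = realpath($dir);
    if ($real === false || $base === false
        || strncmp($real, $base . '/', strlen($base) + 1) !== 0) {
        return null;                           // missing file or escaped $dir
    }
    return $real;
}

// Constructed request values: a normal name, a NUL-terminated traversal, a plain traversal.
foreach (['audio', "../../../../etc/passwd\0", '../../etc/passwd'] as $name) {
    printf("%-28s legacy:%-45s safe:%s\n", addcslashes($name, "\0"),
        legacyResolve($settingsDir, $name),
        safeResolve($settingsDir, $name) ?? 'reject');
}
```

The allowlist regex is the check that matters; the realpath() comparison is defence in depth for the case where a later change lets a richer character set through.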
Linux Distros Unpatched Vulnerability : CVE-2011-3699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation...
SUSE CVE-2010-2191
The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or...
SUSE CVE-2010-4657
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output...
SUSE CVE-2012-2329
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request...
SUSE CVE-2013-7328
Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a...
SUSE CVE-2015-8879
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain...
CVE-2021-41731
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 News Magazine CMS (PHP 5.6 or higher and MySQL 5.7 or higher) via the blog category name field...
Command Execution Vulnerability in flatCore CMS Backend
flatCore CMS is a web content management system (CMS) based on PHP5 and SQLite3. A command execution vulnerability exists in the backend of flatCore CMS. An attacker can exploit the vulnerability to execute arbitrary code...
XSS Vulnerability in HulaCWMS
HulaCWMS is developed on the ThinkPHP5 framework and includes all the features of ThinkPHP5. HulaCWMS has an XSS vulnerability that an attacker can exploit to obtain sensitive information such as user cookies...
PHP pecl-http extension buffer overflow vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for web development and supports a variety of databases and operating systems...
CVE-2017-12868
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation...
UBUNTU-CVE-2017-12868
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation...
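The two CVE-2017-12868 entries above describe the same defect: a constant-time compare whose fallback path (taken when hash_equals() is unavailable, i.e. PHP before 5.6) XORs one-character strings and ORs the result into an integer without first converting the bytes with ord(). The block below is an added example that reproduces that shape, not SimpleSAMLphp's own code. On PHP 5 the string-to-integer coercion inside `|=` was implicit; it is written as an explicit `(int)` cast here so the same arithmetic runs on current PHP, which would otherwise throw a TypeError. `secureCompareVulnerable`/`secureCompareFixed` are hypothetical names and the token and guess are constructed.

```php
<?php
// Added example, not SimpleSAMLphp's code. Reproduces the shape of the bug in
// the entries above and the one-line fix.

// Vulnerable shape. $known[$i] ^ $user[$i] is a string XOR yielding a one-byte
// string; ORing that into an int coerces it through (int), and a non-digit
// byte casts to 0. So nearly every byte mismatch is silently dropped and any
// same-length guess compares equal. (Cast made explicit to run on current PHP.)
function secureCompareVulnerable(string $known, string $user): bool
{
    $diff = strlen($known) ^ strlen($user);
    for ($i = 0; $i < strlen($known) && $i < strlen($user); $i++) {
        $diff |= (int) ($known[$i] ^ $user[$i]);   // lossy: "\x12" -> 0
    }
    return $diff === 0;
}

// Fixed shape: convert each byte to its integer value before the XOR so every
// differing bit survives into $diff. On PHP >= 5.6 use hash_equals() instead.
function secureCompareFixed(string $known, string $user): bool
{
    $diff = strlen($known) ^ strlen($user);
    for ($i = 0; $i < strlen($known) && $i < strlen($user); $i++) {
        $diff |= ord($known[$i]) ^ ord($user[$i]);
    }
    return $diff === 0;
}

// Constructed inputs: a stored token and an attacker's guess of equal length.
$known = 's3cret!';
$guess = 'abcdefg';
var_dump(secureCompareVulnerable($known, $guess)); // same-length guess is accepted
var_dump(secureCompareFixed($known, $guess));      // guess is rejected
var_dump(secureCompareFixed($known, $known));      // genuine token still accepted
```

Why the length check alone does not save it: `strlen($known) ^ strlen($user)` is computed correctly, so only guesses of the right length pass, but token lengths are fixed and public, which is exactly the session fixation and authentication bypass the advisory text describes.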