Lucene search
K

214 matches found

Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.27 views

Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

6.8CVSS6.9AI score0.02164EPSS
Exploits0References8Affected Software10
OSV
OSV
added 2022/05/14 12:56 a.m.28 views

GHSA-GP39-H9C2-QW79 Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

6.8CVSS9.5AI score0.02164EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2021/11/21 12:0 a.m.9 views

SUSE: Security Advisory (SUSE-SU-2021:3727-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.01337EPSS
Exploits1References2
OSV
OSV
added 2021/11/18 1:0 p.m.5 views

SUSE-SU-2021:3726-1 Security update for php74

This update for php74 fixes the following issues: - CVE-2021-21703: Fixed local privilege escalation via PHP-FPM bsc1192050...

7.8CVSS7.8AI score0.01337EPSS
Exploits1References3
Mageia
Mageia
added 2021/10/31 11:12 a.m.46 views

Updated php packages fix security vulnerability

Updated php packages fix security vulnerability: In PHP versions 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main...

7.8CVSS2.6AI score0.01337EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/10/28 12:0 a.m.10 views

Ubuntu: Security Advisory (USN-5125-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.01337EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2021/10/27 9:50 p.m.113 views

USN-5125-1: PHP vulnerability

It was discovered that PHP-FPM in PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

7.8CVSS7.5AI score0.01337EPSS
Exploits1
OSV
OSV
added 2021/10/27 9:50 p.m.4 views

USN-5125-1 php5, php7.0, php7.2, php7.4, php8.0 vulnerability

It was discovered that PHP-FPM in PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

7.8CVSS6.9AI score0.01337EPSS
Exploits1References2
Debian
Debian
added 2021/10/25 8:25 p.m.52 views

[SECURITY] [DSA 4993-1] php7.3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4993-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 25, 2021 https://www.debian.org/security/faq -...

6.9CVSS2.4AI score0.01337EPSS
Exploits1
OSV
OSV
added 2021/10/21 12:0 a.m.2 views

UBUNTU-CVE-2021-21703

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the...

7.8CVSS6.9AI score0.01337EPSS
Exploits1References5
CVE
CVE
added 2021/10/06 8:28 p.m.53 views

CVE-2021-42040

CVE-2021-42040 affects MediaWiki up to 1.36.2, where a loop-control parser function in the Loops extension mishandles egLoopsCountLimit, allowing an infinite loop and potential memory exhaustion. Public references from PT-Security indicate upgrades to fixed branches: update to MediaWiki 1.36.3+ f...

7.5CVSS7.4AI score0.01122EPSS
Exploits0References2Affected Software1
Gitee
Gitee
added 2021/09/20 11:12 p.m.13 views

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm CVE-2019-11043. The exploit targets a vulnerability in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit works by appending a specially crafted URL to the web server, which...

9.8CVSS7.7AI score0.9947EPSS
Exploits54
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.31 views

SUSE: Security Advisory (SUSE-SU-2020:2896-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.3AI score0.05029EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2020:2997-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS8AI score0.05029EPSS
Exploits1References6
Hacker One
Hacker One
added 2021/04/08 5:20 p.m.80 views

Algolia: PHP-FPM status page disclosure

A page leaking debug information was publicly accessible...

2.3AI score
Exploits0
Gitee
Gitee
added 2021/01/18 5:38 p.m.10 views

Exploit for Out-of-bounds Write in Php

This is an exploit for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit works by setting the PHPVALUE path info to a malicious value, whic...

9.8CVSS8.2AI score0.9947EPSS
Exploits54
Gitee
Gitee
added 2020/12/09 3:19 p.m.16 views

Exploit for Out-of-bounds Write in Php

PoC exploit for CVE-2019-11043, an exploit for a bug in php-fpm. The exploit targets a vulnerability in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit assumes that the nginx configuration has a location block that forwar...

9.8CVSS8.3AI score0.9947EPSS
Exploits54
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.25 views

SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:2997-1)

This update for php7 fixes the following issues : CVE-2020-7069: Fixed an issue when AES-CCM mode was used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV was used bsc1177351. CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite...

6.5CVSS6.8AI score0.05029EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.44 views

SUSE SLES12 Security Update : php7 (SUSE-SU-2020:2920-1)

This update for php7 fixes the following issues : CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names bsc1177352. Added tmpfiles.d for php-fpm to provide a base for a socket bsc1173786 Note that Tenable Network Security has...

5.3CVSS6.8AI score0.05029EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.38 views

SUSE SLES12 Security Update : php74 (SUSE-SU-2020:2896-1)

This update for php74 fixes the following issues : CVE-2020-7069: Fixed an issue when AES-CCM mode was used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV was used bsc1177351. CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrit...

6.5CVSS6.8AI score0.05029EPSS
Exploits1References8
Rows per page
Query Builder