Lucene search
K

126 matches found

BDU FSTEC
BDU FSTEC
added 2022/04/27 12:0 a.m.9 views

The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter allows a hacker to execute arbitrary code.

The vulnerability of the sapi/cgi/cgimain.c component of the PHP programming language interpreter is related to the lack of validation for the sequences of XML objects. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5CVSS7.6AI score0.68846EPSS
Exploits1References18Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/04/25 12:0 a.m.5 views

The vulnerability in the `build_tablename` function (`pgsql.c`) of the PHP programming language interpreter allows a hacker to trigger a service failure.

The vulnerability of the buildtablename function in the PHP programming language interpreter is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause service interruptions...

5.3CVSS6.8AI score0.07758EPSS
Exploits1References13Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/04/25 12:0 a.m.7 views

The vulnerability of the PHP interpreter is related to an error in processing paths to files containing the character \x00. This error allows attackers to gain unauthorized access to files or directories.

The vulnerability of the PHP interpreter extension is related to an error in processing paths to files containing the character \x00. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to files or directories...

7.5CVSS7.5AI score0.20233EPSS
Exploits0References17Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/04/20 12:0 a.m.10 views

The vulnerability of the zend_ini_do_op() function in the PHP interpreter allows a hacker to execute arbitrary PHP code.

The vulnerability of the zendinidoop function Zend/zendini parser.c in the PHP interpreter is caused by buffer overflow. Exploiting this vulnerability could allow a remote attacker to execute arbitrary PHP code...

9.3CVSS8.2AI score0.03365EPSS
Exploits0References10Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/04/20 12:0 a.m.7 views

The vulnerability in the `ext/standard/link_win32.c` component of the PHP interpreter allows a perpetrator to compromise data confidentiality.

The vulnerability of the ext/standard/linkwin32.c component of the PHP interpreter involves exposing protected information. Exploiting this vulnerability could allow a malicious actor to compromise data confidentiality remotely...

7.8CVSS7.2AI score0.04592EPSS
Exploits1References7Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/04/20 12:0 a.m.6 views

The vulnerability of the `ext/standard/var_unserializer.c` component of the PHP interpreter allows a attacker to cause a service failure.

The vulnerability of the ext/standard/varunserializer.c component of the PHP interpreter is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to cause service failures by invoking the com, dotnet, or variant classes...

7.8CVSS7.3AI score0.04584EPSS
Exploits1References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/04/20 12:0 a.m.5 views

The vulnerability in the ext/session/session.c component of the PHP programming language interpreter allows a hacker to modify user session data.

The vulnerability of the ext/session/session.c component in the PHP programming language exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a remote attacker to modify user session data...

7.8CVSS7.5AI score0.0578EPSS
Exploits1References11Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/04/20 12:0 a.m.7 views

The vulnerability of the `gdimagewebpctx` function in the GD Graphics Library, a programming language interpreter for PHP, allows attackers to trigger a service failure or potentially cause other adverse effects.

The vulnerability of the gdimagewebpctx function in the GD Graphics Library, a programming language interpreter for PHP, is caused by a numerical overflow. Exploiting this vulnerability could allow an attacker to cause service interruptions or potentially have other effects through the invocation...

10CVSS7.9AI score0.05101EPSS
Exploits0References8Affected Software4
OSV
OSV
added 2022/03/19 12:1 a.m.22 views

GHSA-PR9Q-V585-QV2W Improper Privilege Management in Open Web Analytics

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

9.8CVSS9.5AI score0.99134EPSS
Exploits14References6
OSV
OSV
added 2022/03/18 4:15 p.m.17 views

CVE-2022-24637

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

9.8CVSS9.6AI score
Exploits0References4
Prion
Prion
added 2022/03/18 4:15 p.m.18 views

Design/Logic Flaw

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

5CVSS9.5AI score0.99134EPSS
Exploits14References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/09/07 12:0 a.m.5 views

The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter allows a hacker to execute arbitrary code.

The vulnerability of the sapi/cgi/cgimain.c component of the PHP programming language interpreter exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5CVSS7.6AI score0.99998EPSS
Exploits42References9Affected Software1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.44 views

SUSE: Security Advisory (SUSE-SU-2016:1581-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.1AI score0.35438EPSS
Exploits24References30
BDU FSTEC
BDU FSTEC
added 2020/12/22 12:0 a.m.3 views

The vulnerability of the mbfl_filt_conv_big5_wchar function in the PHP interpreter allows a hacker to access protected information or cause service failures.

The vulnerability of the mbflfiltconvbig5wchar function in the PHP interpreter arises due to an operation being performed outside the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to gain access to protected information or cause service failures...

6.5CVSS7AI score0.08888EPSS
Exploits1References10Affected Software6
Hacker One
Hacker One
added 2020/06/20 4:18 p.m.22 views

ownCloud: Remote Code Execution through "Files_antivirus" plugin

Hi, I would like to report a Remote Code Execution in OwnCloud. The flaw is exploitable as an authenticated user and level of privileges required is "Administrator". Vulnerable component is the plugin "filesantivirus", freely downloadable via the market and available in owncloud github repository...

0.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/04/23 12:0 a.m.4 views

The vulnerability of the PHP programming language interpreter, related to reading beyond the buffer boundaries of memory, allows attackers to gain unauthorized access to information.

The vulnerability of the PHP programming language interpreter is related to reading beyond the buffer boundaries of memory. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to information...

7.8CVSS6.9AI score0.04082EPSS
Exploits0References13Affected Software5
Ubuntu
Ubuntu
added 2020/04/15 1:9 p.m.127 views

USN-4330-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. CVE-2020-7062 It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information...

8.8CVSS7.1AI score0.04764EPSS
Exploits5
Veracode
Veracode
added 2020/04/10 1:10 a.m.51 views

Remote Code Execution (RCE)

PHP is vulnerable to remote code execution RCE. It was discovered that the fix for CVE-2011-4885 released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively introduced an uninitialized memory use flaw. A remote attacker cou...

7.5CVSS2.6AI score0.83911EPSS
Exploits16References28Affected Software1
Veracode
Veracode
added 2020/04/10 1:3 a.m.30 views

Denial Of Service (DoS)

php is vulnerable to denial of service DoS. The vulnerability exists as an integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian with a large value could cause the PHP interpreter to crash...

5CVSS3.1AI score0.05699EPSS
Exploits2References16Affected Software1
Veracode
Veracode
added 2020/04/10 12:53 a.m.28 views

Denial Of Service (DoS)

php is vulnerable to denial of service DoS. The vulnerability exists as it was discovered that the PHP fnmatch function did not restrict the length of the pattern argument. A remote attacker could use this flaw to crash the PHP interpreter where a script used fnmatch on untrusted matching pattern...

5CVSS1.9AI score0.03012EPSS
Exploits1References12Affected Software1
Rows per page
Query Builder