51 matches found
CLSA-2022-1654526233 Fixed CVE-2021-21705 in php-4.module_el8.4.0+2054+2eb69d76.tuxcare.els4
CVE-2021-21705: Fix SSRF bypass in FILTERVALIDATEURL adding additional check ups...
vBulletin PHP Module Remote Code Execution Vulnerability
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. This CVE ID resolves an incomplete patch for CVE-2019-16759...
[SECURITY] [DLA 2466-1] drupal7 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2466-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 27, 2020 https://wiki.debian.org/LTS -...
Cacti PHP Module Memory Corruption Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A memory corruption vulnerability exists in Cacti 1.2.7 and earlier...
CVE-2019-17358
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the P...
Memory corruption
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the P...
CVE-2019-17358
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the P...
new module: php:7.3
An update is available for libzip, php-pear, php-pecl-apcu, php-pecl-zip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This enhancement update adds the php:7....
cacti -- multiple vulnerabilities
The cacti developers reports: When viewing graphs, some input variables are not properly checked SQL injection possible. Multiple instances of lib/functions.php are affected by unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence...
VulnCheck KEV: CVE-2019-16759
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
CVE-2005-3319
The apache2handler SAPI sapiapache2.c in the Apache module modphp for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service segmentation fault via the session.savepath option in a .htaccess file or VirtualHost...
php: pipelined request executed in deinitialized interpreter under httpd 2.4
A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code...
php security update
CentOS Errata and Security Advisory CESA-2015:1135 Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS...
php: pipelined request executed in deinitialized interpreter under httpd 2.4
A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code...
php: pipelined request executed in deinitialized interpreter under httpd 2.4
A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code...
Drupal HTTP Parameter Key/Value SQL Injection
This module exploits the Drupal HTTP Parameter Key/Value SQL Injection aka Drupageddon in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and 7.31 was fixed in 7.32. Two methods are available to trigger the PHP payload on the target: - set...
Kolibri+ Webserver 2 - (GET Request) Remote SEH Overwrite Exploit
No description provided by source. !/usr/bin/python Could not get this to work on XP SP3. php5ts.dll is the only module with safe seh off but could not get the pop pop ret to work correctly despite the large number of usable addresses that were tested. $ ./kolibri.py 192.168.1.146 8080 Kolibri+...
[SAMHAIN v3.0.11 & BELTANE v2.4.6] Host-based intrusion detection system (HIDS)
The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis , as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially...
[SECURITY] Fedora 16 Update: php-5.3.15-1.fc16
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
PHP python module safe_mode bypass
Module doesn't check safemode restrictions for python code...