15 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-21707
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file, URL-decode the filename...
PT-2024-33683
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.6; SuiteCRM versions prior to 8.7.1. Description: The issue arises from the way SuiteCRM checks PHP scripts against a blacklist of functions and methods to prevent the installation of malicious MLPs. However, thi...
CVE-2024-8925
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to a malicious attacker who is able to control part of the submitted data being able to...
CVE-2021-23394
The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP...
Remote code execution
The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP...
CVE-2021-23394 Remote Code Execution (RCE)
The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP...
Remote Code Execution (RCE)
Overview: studio-42/elfinder is an open-source file manager for the web, written in JavaScript using jQuery UI. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server is configured to parse .phar...
UBUNTU-CVE-2016-10397
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url...
Burrow position: a special upload trick that bypasses the PHP image converter to achieve remote code execution (RCE) - vulnerability warning - the black bar safety net
I used a special image upload trick to bypass the PHP GD library's image conversion processing and ultimately achieved remote code execution. Here is how it went. I was testing the site for a SQL injection vulnerability when, inadvertently, on the site's personal page I found a...
Ability to enable/disable PHP parsing in Yaml::parse()
More info at https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released...
Apache's latest security vulnerability and its use - vulnerability warning - the black bar safety net
Sources of information: the Red wolf security group (www.wolfexp.net, www.crst.com.cn). Apache's latest security vulnerability and its use. Bug Find By Cooldiyer @ 2006/12/13 15:05. Description: Any file name beginning with .php is parsed by Apache as a PHP file. Such as"...
exponentCMS.txt
A number of security issues have been discovered in ExponentCMS. Exponent is a fully-featured, modern CMS written in PHP, that enables non-technical people to manage and update their websites with minima...