47 matches found
CVE-2018-19458
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246...
EUVD-2022-3574
Malicious code in bioql PyPI...
EUVD-2022-2459
Malicious code in bioql PyPI...
LFI in PHP-Proxy 5.1.0
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" intended for users who lack shell access to their web server is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 appkey value from the default config.php is in place, and this value ca...
GHSA-PC5H-M95G-V6RH LFI in PHP-Proxy 5.1.0
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" intended for users who lack shell access to their web server is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 appkey value from the default config.php is in place, and this value ca...
Unauthenticated File Read in PHP Proxy
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246...
GHSA-3X3M-P2WX-G7CW Unauthenticated File Read in PHP Proxy
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246...
GHSA-4WGF-9X5R-P938 Weak Cryptography in PHP-Proxy
The strrotpass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion...
PHP Proxy Arbitrary File Read (CVE-2018-19458)
An arbitrary file read vulnerability exists in PHP Proxy. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to access and read arbitrary file...
PHP-Proxy Information Disclosure (CVE-2018-19246)
An information disclosure vulnerability exists in PHP Proxy 5.1.0. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Moodle Jmol Filter 6.1 Cross Site Scripting / Directory Traversal
Exploit Title: Moodle filterjmol multiple vulnerabilities Directory Traversal and XSS Date: 20 May 2019 Exploit Author: Dionach Ltd Exploit Author Homepage: https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities Software Link: https://moodle.org/plugins/filterjmol Version: =6.1...
Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting
Exploit Title: Moodle filterjmol multiple vulnerabilities Directory Traversal and XSS Date: 20 May 2019 Exploit Author: Dionach Ltd Exploit Author Homepage: https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities Software Link: https://moodle.org/plugins/filterjmol Version: =6.1...
Local File Inclusion
php-proxy-app is vulnerable to local file inclusion. The vulnerability exists because strrotpass function in vendor/atholn1600/php-proxy/src/helpers.php uses a weak cryptography to authorize data...
PHP-Proxy Weak Encryption Vulnerability
PHP-Proxy is a web-based proxy script featuring fast, easy customization and the ability to provide support for complex websites such as YouTube and Facebook. A weak encryption vulnerability in the strrotpass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy versions 5.1.0 and...
PHP-Proxy Cross-Site Scripting Vulnerability
PHP-Proxy is a web-based proxy script featuring fast, easy customization and the ability to provide support for complex websites such as YouTube and Facebook. A cross-site scripting vulnerability exists in PHP-Proxy versions 5.1.0 and earlier, which can be exploited by an attacker via a URL field...
CVE-2018-19784
The strrotpass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion...
CVE-2018-19785
PHP-Proxy through 5.1.0 has Cross-Site Scripting XSS via the URL field in index.php...
Authorization
The strrotpass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion...
Cross site scripting
PHP-Proxy through 5.1.0 has Cross-Site Scripting XSS via the URL field in index.php...
CVE-2018-19784
The strrotpass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion...