Lucene search
K

95 matches found

Exploit DB
Exploit DB
added 2020/07/10 12:0 a.m.226 views

Barangay Management System 1.0 - Authentication Bypass

Exploit Title: Barangay Management System 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-07-05 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/13484/barangay-management-system.html Software Link:...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/05/15 12:0 a.m.264 views

Amazon Linux AMI : php72 (ALAS-2020-1367)

The version of php72 installed on the remote host is prior to 7.2.30-1.22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1367 advisory. In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exifreaddata...

7.5CVSS7.1AI score0.04311EPSS
Exploits3References7
Oracle linux
Oracle linux
added 2020/05/05 12:0 a.m.54 views

php:7.2 security, bug fix, and enhancement update

...

9.8CVSS8.1AI score0.10059EPSS
Exploits14
Tenable Nessus
Tenable Nessus
added 2020/04/28 12:0 a.m.69 views

RHEL 8 : php:7.2 (RHSA-2020:1624)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1624 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...

9.8CVSS7AI score0.10059EPSS
Exploits14References38
Cvelist
Cvelist
added 2020/04/27 8:38 p.m.38 views

CVE-2020-7067 OOB Read in urldecode()

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support uncommon, urldecode function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes...

7.5CVSS7.5AI score0.04311EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2020/04/23 12:0 a.m.170 views

PHP 7.2.x < 7.2.30 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.30. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read error exists in urldecode due to improper data validation checks. An attacker can exploit...

7.5CVSS6.6AI score0.04311EPSS
Exploits1References4
Cvelist
Cvelist
added 2020/04/01 3:35 a.m.26 views

CVE-2020-7064 Use-of-uninitialized-value in exif

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

6.5CVSS6.8AI score0.04295EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2020/03/27 12:0 a.m.234 views

PHP 7.2.x < 7.2.29 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.29. It is, therefore, affected by multiple vulnerabilities: - A NULL pointer de-reference flaw exists in PHP's Exif component due to its implementation attempting to use uninitialized bytes. An...

6.5CVSS6.9AI score0.04295EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2020/03/16 12:0 a.m.54 views

Amazon Linux AMI : php73 (ALAS-2020-1351)

The version of php73 installed on the remote host is prior to 7.3.15-1.24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1351 advisory. In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension,...

9.1CVSS7.2AI score0.03976EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2020/02/28 12:0 a.m.52 views

Amazon Linux AMI : php73 (ALAS-2020-1347)

The version of php73 installed on the remote host is prior to 7.3.14-1.23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1347 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...

9.1CVSS7.1AI score0.08888EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2020/02/28 12:0 a.m.57 views

Amazon Linux AMI : php72 (ALAS-2020-1346)

The version of php72 installed on the remote host is prior to 7.2.27-1.20. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1346 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...

9.1CVSS7.1AI score0.08888EPSS
Exploits2References5
Cvelist
Cvelist
added 2020/02/27 8:25 p.m.19 views

CVE-2020-7063 Files added to tar with Phar::buildFromIterator have all-access permissions

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...

5.5CVSS7.4AI score0.01599EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2020/02/10 8:15 a.m.54 views

CVE-2020-7060

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbflfiltconvbig5wchar to read past the allocated buffer. This may lead to information disclosur...

9.1CVSS6.8AI score0.08888EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/02/10 12:0 a.m.296 views

Amazon Linux AMI : php72, php73 (ALAS-2020-1339)

The version of php72 installed on the remote host is prior to 7.2.26-1.19. The version of php73 installed on the remote host is prior to 7.3.13-1.22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1339 advisory. In PHP versions 7.2.x below 7.2.26, 7.3.x belo...

9.8CVSS7.2AI score0.08818EPSS
Exploits5References13
Cvelist
Cvelist
added 2019/12/23 2:40 a.m.33 views

CVE-2019-11050 Use-after-free in exif parsing under memory sanitizer

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...

4.8CVSS7.7AI score0.07624EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2019/12/21 12:0 a.m.12 views

PT-2019-4739 · Php +7 · Php +7

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.25 PHP versions 7.3.x through 7.3.12 PHP version 7.4.0 Description: The issue is related to the PHP EXIF extension when parsing EXIF information from an image, for example, via the exif read data function. It is...

9.8CVSS7.6AI score0.9947EPSS
Exploits102References430
Symantec
Symantec
added 2019/12/18 12:0 a.m.96 views

PHP CVE-2019-11047 Heap Buffer Overflow Vulnerability

Description PHP is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. PHP 7.2.x versions prior to 7.2.26, 7.3.x...

0.07473EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/11/25 12:0 a.m.62 views

Oracle Linux 8 : php:7.2 (ELSA-2019-3735)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3735 advisory. php 7.2.11-4 - fix underflow in envpathinfo in fpmmain.c CVE-2019-11043 Tenable has extracted the preceding description block directly from the Oracle Linux...

9.8CVSS7.5AI score0.9947EPSS
Exploits54References2
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.130 views

RHEL 8 : php:7.2 (RHSA-2019:3735)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3735 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: underflow in envpathinfo in fpmmain.c...

9.8CVSS7.6AI score0.9947EPSS
Exploits54References5
AlmaLinux
AlmaLinux
added 2019/11/05 5:37 p.m.20 views

php:7.2 bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

1.6AI score
Exploits0References1
Rows per page
Query Builder