95 matches found
Barangay Management System 1.0 - Authentication Bypass
Exploit Title: Barangay Management System 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-07-05 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/13484/barangay-management-system.html Software Link:...
Amazon Linux AMI : php72 (ALAS-2020-1367)
The version of php72 installed on the remote host is prior to 7.2.30-1.22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1367 advisory. In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exifreaddata...
php:7.2 security, bug fix, and enhancement update
...
RHEL 8 : php:7.2 (RHSA-2020:1624)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1624 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...
CVE-2020-7067 OOB Read in urldecode()
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support uncommon, urldecode function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes...
PHP 7.2.x < 7.2.30 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.30. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read error exists in urldecode due to improper data validation checks. An attacker can exploit...
CVE-2020-7064 Use-of-uninitialized-value in exif
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...
PHP 7.2.x < 7.2.29 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.29. It is, therefore, affected by multiple vulnerabilities: - A NULL pointer de-reference flaw exists in PHP's Exif component due to its implementation attempting to use uninitialized bytes. An...
Amazon Linux AMI : php73 (ALAS-2020-1351)
The version of php73 installed on the remote host is prior to 7.3.15-1.24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1351 advisory. In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension,...
Amazon Linux AMI : php73 (ALAS-2020-1347)
The version of php73 installed on the remote host is prior to 7.3.14-1.23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1347 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...
Amazon Linux AMI : php72 (ALAS-2020-1346)
The version of php72 installed on the remote host is prior to 7.2.27-1.20. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1346 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...
CVE-2020-7063 Files added to tar with Phar::buildFromIterator have all-access permissions
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...
CVE-2020-7060
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbflfiltconvbig5wchar to read past the allocated buffer. This may lead to information disclosur...
Amazon Linux AMI : php72, php73 (ALAS-2020-1339)
The version of php72 installed on the remote host is prior to 7.2.26-1.19. The version of php73 installed on the remote host is prior to 7.3.13-1.22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1339 advisory. In PHP versions 7.2.x below 7.2.26, 7.3.x belo...
CVE-2019-11050 Use-after-free in exif parsing under memory sanitizer
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...
PT-2019-4739 · Php +7 · Php +7
Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.25 PHP versions 7.3.x through 7.3.12 PHP version 7.4.0 Description: The issue is related to the PHP EXIF extension when parsing EXIF information from an image, for example, via the exif read data function. It is...
PHP CVE-2019-11047 Heap Buffer Overflow Vulnerability
Description PHP is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. PHP 7.2.x versions prior to 7.2.26, 7.3.x...
Oracle Linux 8 : php:7.2 (ELSA-2019-3735)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3735 advisory. php 7.2.11-4 - fix underflow in envpathinfo in fpmmain.c CVE-2019-11043 Tenable has extracted the preceding description block directly from the Oracle Linux...
RHEL 8 : php:7.2 (RHSA-2019:3735)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3735 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: underflow in envpathinfo in fpmmain.c...
php:7.2 bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...