Lucene search
K

95 matches found

RedhatCVE
RedhatCVE
added 2019/10/17 6:52 p.m.44 views

CVE-2019-11038

When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...

5.3CVSS6.4AI score0.04332EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2019/10/09 12:0 a.m.17 views

PHP 7.2.x < 7.2.23 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.23 or 7.3.x prior to 7.3.10. It is, therefore, affected by multiple vulnerabilities: - A heap-based buffer overflow exists in mberegi. - An uninitialized buffer exists in odiumcryptogenerichashinit...

8AI score
Exploits0References2
exploitpack
exploitpack
added 2019/10/08 12:0 a.m.31 views

Zabbix 4.4 - Authentication Bypass

Zabbix 4.4 - Authentication Bypass Exploit Title: Zabbix 4.4 - Authentication Bypass Date: 2019-10-06 Exploit Author: Todor Donev Software Link: https://www.zabbix.com/download Version: Zabbix 4.4 Tested on: Linux Apache/2 PHP/7.2 Zabbix Initializing the browser Referer = User-Agent = Opera/9.61...

0.4AI score
Exploits0
0day.today
0day.today
added 2019/10/04 12:0 a.m.66 views

PHP 7.0 < 7.3 (Unix) - (gc) Disable Functions Bypass Exploit

Exploit for php platform in category web applications = 0; $j-- $address = 8; return $out; function write&$str, $p, $v, $n = 8 $i = 0; for$i = 0; $i = 8; function leak$addr, $p = 0, $s = 8 global $abc, $helper; write$abc, 0x68, $addr + $p - 0x10; $leak = strlen$helper-a; if$s != 8 $leak %= 2 $s 8...

Exploits0
Tenable Nessus
Tenable Nessus
added 2019/09/30 12:0 a.m.47 views

EulerOS 2.0 SP8 : gd (EulerOS-SA-2019-2074)

According to the version of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below...

5.3CVSS5.7AI score0.04332EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/09/18 12:0 a.m.21 views

PHP 7.2.x < 7.2.22 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.32, 7.2.x prior to 7.2.22 or 7.3.x prior to 7.3.9. It is, therefore, affected by multiple vulnerabilities including an unspecified heap buffer overflow. Note that the scanner has not tested for thes...

9.8CVSS10AI score0.04047EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2019/09/06 12:0 a.m.189 views

FusionPBX 4.4.8 Remote Code Execution

!/usr/bin/python3 ''' Exploit Title: FusionPBX v4.4.8 Remote Code Execution Date: 13/08/2019 Exploit Author: Askar @mohammadaskar2 CVE : 2019-15029 Vendor Homepage: https://www.fusionpbx.com Software link: https://www.fusionpbx.com/download Version: v4.4.8 Tested on: Ubuntu 18.04 / PHP 7.2 '''...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/09/06 12:0 a.m.20 views

FusionPBX 4.4.8 - Remote Code Execution Exploit

!/usr/bin/python3 ''' Exploit Title: FusionPBX v4.4.8 Remote Code Execution Exploit Author: Askar @mohammadaskar2 CVE : 2019-15029 Vendor Homepage: https://www.fusionpbx.com Software link: https://www.fusionpbx.com/download Version: v4.4.8 Tested on: Ubuntu 18.04 / PHP 7.2 ''' import requests fro...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2019/09/06 12:0 a.m.14 views

FusionPBX 4.4.8 - Remote Code Execution

FusionPBX 4.4.8 - Remote Code Execution !/usr/bin/python3 ''' Exploit Title: FusionPBX v4.4.8 Remote Code Execution Date: 13/08/2019 Exploit Author: Askar @mohammadaskar2 CVE : 2019-15029 Vendor Homepage: https://www.fusionpbx.com Software link: https://www.fusionpbx.com/download Version: v4.4.8...

8.1AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/06 12:0 a.m.291 views

FusionPBX 4.4.8 - Remote Code Execution

!/usr/bin/python3 ''' Exploit Title: FusionPBX v4.4.8 Remote Code Execution Date: 13/08/2019 Exploit Author: Askar @mohammadaskar2 CVE : 2019-15029 Vendor Homepage: https://www.fusionpbx.com Software link: https://www.fusionpbx.com/download Version: v4.4.8 Tested on: Ubuntu 18.04 / PHP 7.2 '''...

7.4AI score
Exploits0
OSV
OSV
added 2019/06/19 12:15 a.m.32 views

CVE-2019-11038

When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...

5.3CVSS6.5AI score
Exploits0References18
Prion
Prion
added 2019/06/19 12:15 a.m.33 views

Code injection

When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...

5CVSS5.4AI score0.04332EPSS
Exploits1References18Affected Software13
CVE
CVE
added 2019/06/18 11:28 p.m.685 views

CVE-2019-11038

CVE-2019-11038 affects the GD Graphics Library (LibGD) 2.2.5 as used in the PHP gd extension. The flaw arises in gdImageCreateFromXbm(), where input data can cause the function to use an uninitialized variable, potentially leaking contents from stack memory. Affected PHP branches are 7.1.x below ...

5.3CVSS5.5AI score0.04332EPSS
Exploits1References18Affected Software2
Cvelist
Cvelist
added 2019/06/18 11:28 p.m.46 views

CVE-2019-11038 Uninitialized read in gdImageCreateFromXbm

When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...

3.1CVSS6.2AI score0.04332EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2019/06/14 12:0 a.m.41 views

Amazon Linux AMI : php71 / php72,php73 (ALAS-2019-1225)

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exifiifaddvalue function. This may lead to information disclosure or crash. CVE-2019-11035 When processing certain files, PHP...

9.1CVSS6.5AI score0.07031EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2019/05/31 12:0 a.m.190 views

PHP 7.2.x < 7.2.19 Multiple Vulnerabilities.

According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.19. It is, therefore, affected by the following vulnerabilities: - An uninitialized vulnerability exists in gdImageCreateFromXbm due to sscanf method not being able to read a hex value. An attacker...

9.1CVSS6.6AI score0.04332EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2019/05/22 12:0 a.m.19 views

PHP 7.2.x < 7.2.18 Heap-based Buffer Overflow Vulnerability

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.29, 7.2.x prior to 7.2.18 or 7.3.x prior to 7.3.5. It is, therefore, affected by a heap-based buffer over-read condition within estrndup of the exifprocessIFDTAG in the exif.c script. An...

9.1CVSS9.9AI score0.07031EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2019/04/17 12:0 a.m.30 views

CVE-2019-11035

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exifiifaddvalue function. This may lead to information disclosure or crash...

9.1CVSS6.9AI score0.04409EPSS
Exploits1References3
0day.today
0day.today
added 2019/04/09 12:0 a.m.887 views

PHP 7.2 - imagecolormatch() Out of Band Heap Write Exploit

&c= Example: GET/POST /exploit.php?f=0x7fe83d1bb480&c=id++/dev/shm/titi Target: PHP 7.2.x Tested on: PHP 7.2.12 / buf = unsigned long safeemallocsizeofunsigned long, 5 im2-colorsTotal, 0; for x=0; xsx; x++ for y=0; ysy; y++ color = im2-pixelsyx; rgb = im1-tpixelsyx; bp = buf + color 5; bp++++; bp...

8.8CVSS0.2AI score0.65116EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2019/04/08 12:0 a.m.189 views

PHP 7.2.x < 7.2.16 Multiple vulnerabilities.

According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.16. It is, therefore, affected by multiple vulnerabilities: - Uninitialized reads in the EXIF component of PHP due to the mishandling of data in exifprocessIFDinMAKERNOTE, and exifprocessIFDinTIFF...

9.8CVSS7.1AI score0.09395EPSS
Exploits5References6
Rows per page
Query Builder