Lucene search
K

132 matches found

Tenable Nessus
Tenable Nessus
added 2020/02/28 12:0 a.m.57 views

Amazon Linux AMI : php72 (ALAS-2020-1346)

The version of php72 installed on the remote host is prior to 7.2.27-1.20. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1346 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...

9.1CVSS7.1AI score0.08888EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2020/02/28 12:0 a.m.52 views

Amazon Linux AMI : php73 (ALAS-2020-1347)

The version of php73 installed on the remote host is prior to 7.3.14-1.23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1347 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...

9.1CVSS7.1AI score0.08888EPSS
Exploits2References5
Cvelist
Cvelist
added 2020/02/27 8:25 p.m.19 views

CVE-2020-7063 Files added to tar with Phar::buildFromIterator have all-access permissions

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...

5.5CVSS7.4AI score0.01599EPSS
Exploits1References8
AlpineLinux
AlpineLinux
added 2020/02/27 8:25 p.m.37 views

CVE-2020-7061

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...

9.1CVSS7.6AI score0.03976EPSS
Exploits1
0day.today
0day.today
added 2020/02/15 12:0 a.m.97 views

PHP 7.0 < 7.4 (Unix) - debug_backtrace disable_functions Bypass Exploit

a; $backtrace = new Exception-getTrace; ; if!isset$backtrace1'args' PHP = 7.4 $backtrace = debugbacktrace; class Helper public $a, $b, $c, $d; function str2ptr&$str, $p = 0, $s = 8 $address = 0; for$j = $s-1; $j = 0; $j-- $address = 8; return $out; function write&$str, $p, $v, $n = 8 $i = 0; for$...

0.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2020/02/10 8:15 a.m.54 views

CVE-2020-7060

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbflfiltconvbig5wchar to read past the allocated buffer. This may lead to information disclosur...

9.1CVSS6.8AI score0.08888EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/02/10 12:0 a.m.296 views

Amazon Linux AMI : php72, php73 (ALAS-2020-1339)

The version of php72 installed on the remote host is prior to 7.2.26-1.19. The version of php73 installed on the remote host is prior to 7.3.13-1.22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1339 advisory. In PHP versions 7.2.x below 7.2.26, 7.3.x belo...

9.8CVSS7.2AI score0.08818EPSS
Exploits5References13
Tenable Nessus
Tenable Nessus
added 2020/01/27 12:0 a.m.109 views

PHP 7.4.x < 7.4.2 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is prior to 7.2.27, 7.3.x prior to 7.3.14, or 7.4.x prior to 7.4.2. It is, therefore, affected by multiple vulnerabilities: - A buffer overflow exists in mbflfiltconvbig5wchar due to an input validation error...

9.1CVSS9.1AI score0.08888EPSS
Exploits2References4
Packet Storm
Packet Storm
added 2019/12/30 12:0 a.m.235 views

HomeAutomation 3.3.2 Authentication Bypass

HomeAutomation v3.3.2 Authentication Bypass Exploit Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus...

0.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2019/12/29 12:0 a.m.112 views

HomeAutomation v3.3.2 CSRF Remote Command Execution (PHP Reverse Shell) PoC

Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...

8.5CVSS7.6AI score0.01059EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2019/12/21 12:0 a.m.14 views

PT-2019-4739 · Php +7 · Php +7

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.25 PHP versions 7.3.x through 7.3.12 PHP version 7.4.0 Description: The issue is related to the PHP EXIF extension when parsing EXIF information from an image, for example, via the exif read data function. It is...

9.8CVSS7.6AI score0.9947EPSS
Exploits103References430
Tenable Nessus
Tenable Nessus
added 2019/09/09 12:0 a.m.27 views

Fedora 29 : roundcubemail (2019-d9c2f1ec70)

Version 1.3.10 - Managesieve: Fix so 'Create filter' option does not show up when Filters menu is disabled 6723 - Enigma: Fix bug where revoked users/keys were not greyed out in key info - Enigma: Fix error message when trying to encrypt with a revoked key 6607 - Enigma: Fix 'decryption oracle' b...

7.4CVSS6.7AI score0.00927EPSS
Exploits1References3
Rows per page
Query Builder