Lucene search
+L

215 matches found

OSV
OSV
added 2022/05/17 3:16 a.m.29 views

GHSA-XP8P-9RQ5-4WGV ZendXml and Zend Framework contain XXE and XEE Vulnerabilities

The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...

6.8CVSS6.8AI score0.09911EPSS
Exploits7References19
OSV
OSV
added 2022/05/14 12:56 a.m.32 views

GHSA-GP39-H9C2-QW79 Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

6.8CVSS9.5AI score0.02164EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.27 views

Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

6.8CVSS6.9AI score0.02164EPSS
Exploits0References8Affected Software10
OpenVAS
OpenVAS
added 2021/11/21 12:0 a.m.9 views

SUSE: Security Advisory (SUSE-SU-2021:3727-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.01337EPSS
Exploits1References2
OSV
OSV
added 2021/11/18 1:0 p.m.5 views

SUSE-SU-2021:3726-1 Security update for php74

This update for php74 fixes the following issues: - CVE-2021-21703: Fixed local privilege escalation via PHP-FPM bsc1192050...

7.8CVSS7.8AI score0.01337EPSS
Exploits1References3
Mageia
Mageia
added 2021/10/31 11:12 a.m.46 views

Updated php packages fix security vulnerability

Updated php packages fix security vulnerability: In PHP versions 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main...

7.8CVSS2.6AI score0.01337EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/10/28 12:0 a.m.10 views

Ubuntu: Security Advisory (USN-5125-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.01337EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2021/10/27 9:50 p.m.113 views

USN-5125-1: PHP vulnerability

It was discovered that PHP-FPM in PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

7.8CVSS7.5AI score0.01337EPSS
Exploits1
OSV
OSV
added 2021/10/27 9:50 p.m.6 views

USN-5125-1 php5, php7.0, php7.2, php7.4, php8.0 vulnerability

It was discovered that PHP-FPM in PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

7.8CVSS6.9AI score0.01337EPSS
Exploits1References2
Debian
Debian
added 2021/10/25 8:25 p.m.57 views

[SECURITY] [DSA 4993-1] php7.3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4993-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 25, 2021 https://www.debian.org/security/faq -...

6.9CVSS2.4AI score0.01337EPSS
Exploits1
OSV
OSV
added 2021/10/21 12:0 a.m.4 views

UBUNTU-CVE-2021-21703

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the...

7.8CVSS6.9AI score0.01337EPSS
Exploits1References5
CVE
CVE
added 2021/10/06 8:28 p.m.54 views

CVE-2021-42040

CVE-2021-42040 affects MediaWiki up to 1.36.2, where a loop-control parser function in the Loops extension mishandles egLoopsCountLimit, allowing an infinite loop and potential memory exhaustion. Public references from PT-Security indicate upgrades to fixed branches: update to MediaWiki 1.36.3+ f...

7.5CVSS7.4AI score0.01122EPSS
Exploits0References2Affected Software1
Gitee
Gitee
added 2021/09/20 11:12 p.m.16 views

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm CVE-2019-11043. The exploit targets a vulnerability in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit works by appending a specially crafted URL to the web server, which...

9.8CVSS7.7AI score0.9947EPSS
Exploits56
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.31 views

SUSE: Security Advisory (SUSE-SU-2020:2896-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.3AI score0.05029EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2020:2997-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS8AI score0.05029EPSS
Exploits1References6
Hacker One
Hacker One
added 2021/04/08 5:20 p.m.80 views

Algolia: PHP-FPM status page disclosure

A page leaking debug information was publicly accessible...

2.3AI score
Exploits0
Gitee
Gitee
added 2021/01/18 5:38 p.m.14 views

Exploit for Out-of-bounds Write in Php

This is an exploit for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit works by setting the PHPVALUE path info to a malicious value, whic...

9.8CVSS8.2AI score0.9947EPSS
Exploits56
Gitee
Gitee
added 2020/12/09 3:19 p.m.19 views

Exploit for Out-of-bounds Write in Php

PoC exploit for CVE-2019-11043, an exploit for a bug in php-fpm. The exploit targets a vulnerability in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit assumes that the nginx configuration has a location block that forwar...

9.8CVSS8.3AI score0.9947EPSS
Exploits56
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.38 views

SUSE SLES12 Security Update : php74 (SUSE-SU-2020:2896-1)

This update for php74 fixes the following issues : CVE-2020-7069: Fixed an issue when AES-CCM mode was used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV was used bsc1177351. CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrit...

6.5CVSS6.8AI score0.05029EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.45 views

SUSE SLES12 Security Update : php7 (SUSE-SU-2020:2920-1)

This update for php7 fixes the following issues : CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names bsc1177352. Added tmpfiles.d for php-fpm to provide a base for a socket bsc1173786 Note that Tenable Network Security has...

5.3CVSS6.8AI score0.05029EPSS
Exploits1References5
Rows per page
Query Builder