534 matches found

OSV
added 2018/05/01 5:29 p.m., 2 views

DEBIAN-CVE-2017-18264

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...

9.8 CVSS, 9.6 AI score, 0.02991 EPSS
Exploits: 0, References: 1

OSV
added 2018/05/01 5:29 p.m., 31 views

CVE-2017-18264

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...

9.8 CVSS, 9.7 AI score
Exploits: 0, References: 3

OSV
added 2018/05/01 5:29 p.m., 2 views

UBUNTU-CVE-2017-18264

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...

9.8 CVSS, 7.3 AI score, 0.02991 EPSS
Exploits: 0, References: 6

Debian CVE
added 2018/05/01 5:0 p.m., 31 views

CVE-2017-18264

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...

9.8 CVSS, 9.5 AI score, 0.02991 EPSS
Exploits: 0

OSV
added 2018/04/29 12:0 a.m., 2 views

UBUNTU-CVE-2018-10546

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences...

7.5 CVSS, 6.8 AI score, 0.10564 EPSS
Exploits: 0, References: 5

OSV
added 2018/03/01 12:0 a.m., 2 views

UBUNTU-CVE-2018-7584

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string...

9.8 CVSS, 7.2 AI score, 0.87883 EPSS
Exploits: 3, References: 5

OSV
added 2018/01/16 9:29 a.m., 3 views

ALPINE-CVE-2018-5712

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file...

6.1 CVSS, 6.5 AI score, 0.79949 EPSS
Exploits: 0, References: 1

OSV
added 2017/11/07 12:0 a.m., 3 views

UBUNTU-CVE-2017-16642

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c...

7.5 CVSS, 6.7 AI score, 0.26373 EPSS
Exploits: 2, References: 5

OSV
added 2017/10/19 7:29 p.m., 4 views

UBUNTU-CVE-2012-6707

WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a...

7.5 CVSS, 7.1 AI score, 0.01109 EPSS
Exploits: 0, References: 3

EUVD
added 2017/08/02 7:0 p.m., 5 views

EUVD-2017-16862

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read 700 bytes from the top of the...

6.5 CVSS, 6.4 AI score, 0.03418 EPSS
Exploits: 0, References: 16

OSV
added 2017/07/25 12:0 a.m., 1 views

UBUNTU-CVE-2017-11628

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input...

7.8 CVSS, 7.5 AI score, 0.03365 EPSS
Exploits: 0, References: 4

CNVD
added 2017/07/11 12:0 a.m., 2 views

PHP Information Disclosure Vulnerability (CNVD-2017-22595)

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability exists in PHP 5.6.31 and earlier, versions 7.x through 7.0.21, and 7.1.x through 7.1.7, which stems from a lack of boun...

8.3 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2017/07/10 12:0 a.m., 31 views

GLSA-201707-03 : phpMyAdmin: Security bypass

The remote host is affected by the vulnerability described in GLSA-201707-03 phpMyAdmin: Security bypass A vulnerability was discovered where the restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions. This can lead compromised user accounts, who have ...

5.7 AI score
Exploits: 0, References: 2

Positive Technologies
added 2017/05/12 12:0 a.m., 14 views

PT-2017-2598

Name of the Vulnerable Software and Affected Versions: PHP versions through 7.1.5. Description: The issue is related to the zend_string_extend function in PHP, which does not prevent changes to string objects that result in a negative length. This allows remote attackers to cause a denial of service...

9.8 CVSS, 7.2 AI score, 0.9947 EPSS
Exploits: 102, References: 101

OpenVAS
added 2017/04/18 12:0 a.m., 48 views

PHP 7.x < 7.0.18, 7.1.x < 7.1.4 SSRF Security Bypass Vulnerability - Linux

PHP is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

7.4 CVSS, 7.6 AI score, 0.03514 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2017/03/30 12:0 a.m., 46 views

FreeBSD : phpMyAdmin -- bypass 'no password' restriction (68611303-149e-11e7-b9bb-6805ca0b3d42)

The phpMyAdmin team reports: Summary Bypass $cfg['Servers'][$i]['AllowNoPassword'] Description A vulnerability was discovered where the restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions. This can allow the login of users who have no password set ev...

5.6 AI score
Exploits: 0, References: 2

FreeBSD
added 2017/03/28 12:0 a.m., 24 views

phpMyAdmin -- bypass 'no password' restriction

The phpMyAdmin team reports: Summary Bypass $cfg['Servers'][$i]['AllowNoPassword'] Description A vulnerability was discovered where the restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions. This can allow the login of users who have no password set eve...

1.6 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2017/03/13 12:0 a.m., 12 views

Fedora 25 : php-pear-PHP-CodeSniffer (2017-ca3f01bd37)

Version 2.8.1 - This release contains a fix for a security advisory related to the improper handling of shell commands - Uses of shell_exec and exec were not escaping filenames and configuration settings in most cases - A properly crafted filename or configuration option would allow for arbitrary...

6.3 AI score
Exploits: 0, References: 1

Friends Of PHP
added 2017/02/26 10:15 p.m., 20 views

Arbitrary shell execution

Security Advisory This release contains a fix for a security advisory related to the improper handling of shell commands Uses of shell_exec and exec were not escaping filenames and configuration settings in most cases A properly crafted filename or configuration option would allow for arbitrary co...

0.9 AI score
Exploits: 0, Affected Software: 1

seebug.org
added 2017/01/20 12:0 a.m., 27 views

MyBB <= 1.8.3 remote code execution vulnerability

Taoguang Chen @chtg57 - Write Date: 2015.4.28 - Release Date: 2017.1.20 A type-confusion vulnerability was discovered in GMP deserialization with crafted object's __wakeup magic method that can be abused for updating any already assigned properties of any already created objects, this result in...

7.8 AI score
Exploits: 0