195 matches found
Exploit for Code Injection in Phpunit_Project Phpunit
laravel phpunit rce masscanner CVE-2017-9841 Masscanner for La...
[SECURITY] Fedora 34 Update: php-symfony4-4.4.24-1.fc34
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...
[SECURITY] Fedora 33 Update: php-symfony4-4.4.24-1.fc33
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...
[SECURITY] Fedora 33 Update: php-symfony3-3.4.49-1.fc33
Symfony PHP framework version 3. NOTE: Does not require PHPUnit bridge...
VulnCheck KEV: CVE-2017-9841
PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI...
openSUSE Security Update : nextcloud (openSUSE-2020-1652)
This update for nextcloud fixes the following issues : nextcloud version 20.0.0 fix some security issues : - NC-SA-2020-037 PIN for passwordless WebAuthn is asked for but not verified - NC-SA-2020-033 CVE-2020-8228 Missing rate limit on signup page - NC-SA-2020-029 CVE-2020-8233, boo1177346...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:1652-1 Rating: moderate References: 1171572 1171579 1177346 Cross-References: CVE-2020-8154 CVE-2020-8155 CVE-2020-8183 CVE-2020-8228 CVE-2020-8233 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1...
[SECURITY] Fedora 33 Update: php-symfony4-4.4.13-1.fc33
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...
[SECURITY] Fedora 32 Update: php-symfony4-4.4.13-1.fc32
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...
Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit
The plugin uses an outdated PHPUnit library, which is known to be affected by an unauthenticated RCE issue. February 28th, 2020 - Ticket sent to vendor via https://support.cedcommerce.com/open.php March 6th, 2020 - Update requested to vendor also realised that the ticket was closed w/o reason giv...
Nextcloud: PHPUnit is included in groupfolders release package potentially causing RCE
The groupfolders tarball contains the phpunit code in the vendor directory https://github.com/nextcloud/groupfolders/releases/download/v6.0.2/groupfolders.tar.gz . As discussed on https://thephp.cc/news/2020/02/phpunit-a-security-risk this really is a potential security risk. The phpunit code...
Remote Code Execution in extension "PHPUnit" (phpunit)
A PHP script located in “src/Util/PHP/eval-stdin.php” can be used to execute arbitrary PHP code in context of the webserver. The vulnerability is only exploitable if the vendor/ directory is publicly accessible...
GHSA-W2FR-65VP-MXW3 Deserialization of untrusted data in Symfony
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...
GHSA-769F-539V-F5JG PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841
Impact We have identified that some gamification module ZIP archives have been built with phpunit dev dependencies. PHPUnit contains a php script that would allow, on a webserver, an attacker to perform a RCE. This vulnerability impacts - phpunit before 4.8.28 and 5.x before 5.6.3 as reported in...
PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841
Impact We have identified that some gamification module ZIP archives have been built with phpunit dev dependencies. PHPUnit contains a php script that would allow, on a webserver, an attacker to perform a RCE. This vulnerability impacts - phpunit before 4.8.28 and 5.x before 5.6.3 as reported in...