195 matches found
[SECURITY] Fedora 29 Update: php-symfony3-3.4.20-1.fc29
Symfony PHP framework version 3. NOTE: Does not require PHPUnit bridge...
[SECURITY] Fedora 28 Update: php-symfony4-4.0.15-1.fc28
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...
Drupal 8.x < 8.2.7 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities: - A security bypass vulnerability exists in the editor module due to a failure to properly check access restrictions when adding private files with a configured text editor e.g...
[SECURITY] Fedora 28 Update: php-symfony3-3.4.14-1.fc28
Symfony PHP framework version 3. NOTE: Does not require PHPUnit bridge...
[SECURITY] Fedora 27 Update: php-symfony4-4.0.14-1.fc27
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...
[SECURITY] Fedora 27 Update: php-symfony3-3.3.18-1.fc27
Symfony PHP framework version 3. NOTE: Does not require PHPUnit bridge...
[SECURITY] Fedora 27 Update: php-symfony3-3.3.17-1.fc27
Symfony PHP framework version 3. NOTE: Does not require PHPUnit bridge...
[SECURITY] Fedora 28 Update: php-symfony4-4.0.11-1.fc28
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...
[SECURITY] Fedora 28 Update: php-symfony3-3.4.11-1.fc28
Symfony PHP framework version 3. NOTE: Does not require PHPUnit bridge...
PHPUnit 'CVE-2017-9841' RCE Vulnerability (HTTP) - Active Check
PHPUnit is prone to a remote code execution (RCE) vulnerability...
[SECURITY] Fedora 27 Update: php-symfony4-4.0.1-1.fc27
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...
MGASA-2017-0429 Updated mediawiki packages fix security vulnerabilities
XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping (CVE-2017-8808). Reflected File Download from api.php (CVE-2017-8809). On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password (CVE-2017-8810). It's possible to...
Updated mediawiki packages fix security vulnerabilities
XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping (CVE-2017-8808). Reflected File Download from api.php (CVE-2017-8809). On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password (CVE-2017-8810). It's possible to...
GLSA-201711-15 : PHPUnit: Remote code execution
The remote host is affected by the vulnerability described in GLSA-201711-15 PHPUnit: Remote code execution When PHPUnit is installed in a production environment via composer and these modules are in a web accessible directory, the eval-stdin.php file in PHPUnit contains vulnerable statements tha...
FreeBSD : mediawiki -- multiple vulnerabilities (298829e2-ccce-11e7-92e4-000c29649f92)
mediawiki reports: security fixes: T128209: Reflected File Download from api.php. Reported by Abdullah Hussam. T165846: BotPasswords doesn't throttle login attempts. T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password. T178451:...
PHPUnit: Remote code execution
Background: PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. Description: When PHPUnit is installed in a production environment via composer and these modules are in a web accessible directory, the eval-stdin.php fi...
mediawiki -- multiple vulnerabilities
mediawiki reports: security fixes: T128209: Reflected File Download from api.php. Reported by Abdullah Hussam. T165846: BotPasswords doesn't throttle login attempts. T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password. T178451: XS...
Zomato: Potential server misconfiguration leads to disclosure of vendor/ directory
Hi, Apologies for the weakness label, it was the closest I could find for what appears to be a server misconfiguration. Typically, in MVC frameworks like Slim which I see you are using here, Symfony, Laravel, etc., the front controller is the only thing exposed, leaving vendor/, logs/, and others...
Multiple Plugins - Unauthenticated RCE via PHPUnit
There was an Unauthenticated Remote Code Execution (RCE) vulnerability in PHPUnit, a widely used testing framework for PHP. This vulnerability has been seen exploited in the wild. PoC: curl -X POST --data ""...
Multiple Plugins - Unauthenticated RCE via PHPUnit
There was an Unauthenticated Remote Code Execution (RCE) vulnerability in PHPUnit, a widely used testing framework for PHP. This vulnerability has been seen exploited in the wild. curl -X POST --data ""...