CVE-2025-9025

A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /portal.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the...

CVE-2012-10036

Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/uploadfile.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. T...

[SECURITY] Fedora 41 Update: php-8.3.23-1.fc41

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

OS Command Exec, Unix Command Shell, Reverse TCP SSL (telnet)

Execute an OS command from PHP. Creates an interactive shell via mkfifo and telnet. This method works on Debian and other systems compiled without /dev/tcp support. This module uses the '-z' option included on some systems to encrypt using SSL. Module Options msf use...

emacs security update

An update is available for emacs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GNU Emacs is a powerful, customizable, self-documenting text editor. It provide...

BlueCMS 安全漏洞

BlueCMS is a PHP and MySQL based Content Management System CMS by 6arshid Personal Developer. A security vulnerability exists in BlueCMS version 1.6, which stems from a problem with the id parameter and could lead to arbitrary file deletion...

[SECURITY] Fedora 40 Update: php-8.3.19-1.fc40

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

[SECURITY] Fedora 41 Update: php-8.3.19-1.fc41

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

UBUNTU-CVE-2024-11235

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

Important: Red Hat Security Advisory: emacs security update

An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

PHP PDO driver for Snowflake 安全漏洞

PHP PDO driver for Snowflake is an open source PHP PDO driver from Snowflake Computing. A security vulnerability exists in the PHP PDO driver for Snowflake, which originates from a stage where execution of an unsupported query can result in a signed-to-unsigned conversion error, which can cause t...

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal that stems from the existence of a problem...

RLSA-2024:10951 Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk CVE-2024-3096 php: Filter bypass in filtervar...

CLSA-2024-1734368090 php: Fix of CVE-2023-3824

CVE-2023-3824: Update length checking in PHAR directory entries reading to prevent stack buffer overflow and potential memory corruption or RCE...

Important: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...

Important: Red Hat Security Advisory: ruby:3.1 security update

An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...

Important: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...

emacs security update

An update is available for emacs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GNU Emacs is a powerful, customizable, self-documenting text editor. It provide...

RLSA-2024:6784 Moderate: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...