Lucene search
+L

210 matches found

nvd
nvd
added 2018/02/19 7:29 p.m.34 views

CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions e.g., passthru, exec, shellexec, or system with a non-blocking STDIN stream, causing this...

6.8CVSS7.7AI score0.04255EPSS
Exploits1References8
debiancve
debiancve
added 2018/02/19 7:0 p.m.74 views

CVE-2015-9253

Removed by vendor...

6.8CVSS7.9AI score0.04255EPSS
Exploits1
alpinelinux
alpinelinux
added 2018/02/19 7:0 p.m.73 views

CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions e.g., passthru, exec, shellexec, or system with a non-blocking STDIN stream, causing this...

6.8CVSS8.1AI score0.04255EPSS
Exploits1
ubuntucve
ubuntucve
added 2018/02/19 12:0 a.m.55 views

CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions e.g., passthru, exec, shellexec, or system with a non-blocking STDIN stream, causing this...

6.8CVSS7.1AI score0.04255EPSS
Exploits1References6
hackerone
hackerone
added 2018/01/12 9:42 p.m.66 views

Internet Bug Bounty: ACME TLS-SNI-01/02 challenge vulnerable when combined with shared hosting providers

The ACME TLS-SNI-01 and TLS-SNI-02 specification assumed wrong in terms of how current major cloud providers routed and validated domains. This was reported earlier this week to Let's Encrypt, and they decided to disable the method. Today Let's Encrypt decided to sunset both TLS-SNI-01 and...

6.8AI score
Exploits0
threatpost
threatpost
added 2017/09/19 10:29 a.m.9 views

Risks Limited With Latest Apache Bug, Optionsbleed

Servers running Apache software are susceptible to memory leaks that an attacker could theoretically piece together to learn secrets transmitted during a session. But the risk is most pressing only in shared hosting environments apparently, and only if the software is running a certain rare...

7AI score
Exploits0References1
openvas
openvas
added 2017/08/11 12:0 a.m.64 views

Ubuntu: Security Advisory (USN-3382-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.2AI score0.07511EPSS
Exploits7References2
debiancve
debiancve
added 2017/03/02 6:0 a.m.58 views

CVE-2015-8994

Removed by vendor...

7.5CVSS8.6AI score0.02937EPSS
Exploits1
ptsecurity
ptsecurity
added 2017/03/02 12:0 a.m.7 views

PT-2017-1613 · Zend Technologies +4 · Zend Opcache +6

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.6.28 PHP versions prior to 7.0.13 Description: The issue exists due to inadequate access control when inheriting certain classes related to operational code in PHP configurations using apache2handler/mod php or php-fpm...

9.8CVSS7.1AI score0.07511EPSS
Exploits7References70
ubuntucve
ubuntucve
added 2017/03/02 12:0 a.m.36 views

CVE-2015-8994

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/modphp or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validatepermission=1 setting. The vulnerability details a...

7.5CVSS7.1AI score0.02937EPSS
Exploits1References2
fireeye
fireeye
added 2016/06/28 5:0 a.m.30 views

The Latest Android Overlay Malware Spreading via SMS Phishing in Europe

Introduction In April 2016, while investigating a Smishing campaign dubbed RuMMS that involved the targeting of Android users in Russia, we also noticed three similar Smishing campaigns reportedly spreading in Denmark February 2016, in Italy February 2016, and in both Denmark and Italy April 2016...

7.3AI score
Exploits0
htbridge
htbridge
added 2015/12/21 12:0 a.m.535 views

Remote Code Execution in Roundcube

High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in a popular webmail client Roundcube. Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to execute arbitrary code and totally compromise the vulnerable server. Th...

6CVSS0.9AI score0.23592EPSS
Exploits5Affected Software1
kitploit
kitploit
added 2015/10/28 7:53 p.m.25 views

LMD - Linux Malware Detect

Linux Malware Detect LMD is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and...

7AI score
Exploits0References1
redhat
redhat
added 2014/08/21 3:29 p.m.6 views

tomcat: information disclosure via XXE when running untrusted web applications

It was found that several application-provided XML files, such as web.xml, content.xml, .tld, .tagx, and .jspx, resolved external entities, permitting XML External Entity XXE attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictio...

4.3CVSS6.6AI score0.09487EPSS
Exploits1References4
nessus
nessus
added 2014/08/12 12:0 a.m.35 views

Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20140811)

It was found that several application-provided XML files, such as web.xml, content.xml, .tld, .tagx, and .jspx, resolved external entities, permitting XML External Entity XXE attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictio...

4.3CVSS6.5AI score0.09487EPSS
Exploits1References3
centos
centos
added 2014/08/11 6:4 p.m.72 views

tomcat6 security update

CentOS Errata and Security Advisory CESA-2014:1038 Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...

4.3CVSS6.7AI score0.09487EPSS
Exploits1References7
redhat
redhat
added 2014/08/11 4:44 p.m.33 views

Low: Red Hat Security Advisory: tomcat6 security update

Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each...

4.3CVSS6.7AI score0.09487EPSS
Exploits1References4
redhat
redhat
added 2014/08/11 4:44 p.m.5 views

tomcat: information disclosure via XXE when running untrusted web applications

It was found that several application-provided XML files, such as web.xml, content.xml, .tld, .tagx, and .jspx, resolved external entities, permitting XML External Entity XXE attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictio...

4.3CVSS6.6AI score0.09487EPSS
Exploits1References4
seebug
seebug
added 2014/07/01 12:0 a.m.27 views

PHP 4.x tempnam() Function open_basedir Restriction Bypass

No description provided by source. source: http://www.securityfocus.com/bid/17439/info PHP is prone to multiple 'safemode' and 'openbasedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.11 views

PHP 5.2 FOpen Safe_Mode Restriction-Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22261/info PHP is prone to a 'safemode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write files in unauthorized locations; other attacks may also be possible. This vulnerability would ...

7.1AI score
Exploits0
Rows per page
Query Builder