Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2024/03/02 12:31 a.m.•27 views

phpseclib a large prime can cause a denial of service

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2528-jw5q-ww88. This link is maintained to preserve external references. Original Description An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can...

7.5CVSS7AI score0.00815EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/08/03 6:2 a.m.•27 views

Observable Response Discrepancy on Admin Login

Description Impact It allows over the Admin Login form to detect which user username, email exists and which one do not exist. Impacted by this issue are Sulu installation = 2.5.0 and getMessage; instead the $exception-getMessageKey; References Currently no references...

4CVSS6.7AI score0.00496EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/04/25 9:11 a.m.•27 views

Directory traversal vulnerability in the file manager

More info at https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html...

6.5CVSS7.2AI score0.00797EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/06/14 7:11 a.m.•27 views

TYPO3-CORE-SA-2022-004: Cross-Site Scripting in Frontend Login Mailer

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-004...

5.4CVSS7.2AI score0.00717EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/03/20 1:44 p.m.•27 views

Inproper parsing of HTTP headers

Impact Improper header parsing. An attacker could sneak in a carriage return character \r and pass untrusted values in both the header names and values. Patches The issue is patched in 1.8.4 and 2.1.1. Workarounds There are no known workarounds. References...

7.5CVSS5.8AI score0.02384EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/10/23 11:11 a.m.•27 views

CVE-2021-41268: Remember me cookie persistance after password changes

More info at https://symfony.com/cve-2021-41268...

8.8CVSS7.2AI score0.01283EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/10/09 12:10 p.m.•27 views

CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request

More info at https://symfony.com/cve-2021-41267...

6.5CVSS7.2AI score0.01239EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/10/05 7:39 a.m.•27 views

Improper escaping of command arguments on Windows leading to command injection

Impact Windows users running Composer to install untrusted dependencies are affected and should definitely upgrade for safety. Other OSs and WSL are not affected. Patches 1.10.23 and 2.1.9 fix the issue Workarounds None...

9.8CVSS9.3AI score0.02904EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/05/25 1:46 p.m.•27 views

Read private customer data reclaiming carts

Klaviyo read customer quotes for guest carts April 28th I've found a endpoint in a thirth party module Klaviyo Magento 2 which allows to read private customer data from stores. It works by reclaiming any guest-cart as your own and reading the private data for the orders in the Magento API. Data...

0.5AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/05/12 8:0 a.m.•27 views

CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms

More info at https://symfony.com/cve-2021-21424...

5.3CVSS5.7AI score0.01712EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/01/24 10:44 p.m.•27 views

Smarty_Internal_Runtime_TplFunction Sandbox Escape PHP Code Injection

More info at https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html...

9.8CVSS7.2AI score0.82316EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/09/24 1:26 a.m.•27 views

Non-jqueryMsg version of mw.message(…).parse() doesn't escape HTML

More info at https://phabricator.wikimedia.org/T115888...

6.1CVSS7.2AI score0.01089EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/09/21 4:46 p.m.•27 views

Special:UserRights exposes the existence of hidden users

More info at https://phabricator.wikimedia.org/T232568...

5.3CVSS7.2AI score0.01291EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/28 8:18 a.m.•27 views

TYPO3-CORE-SA-2020-007: Potential Privilege Escalation

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-007...

8.1CVSS7.2AI score0.01782EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/16 7:31 a.m.•27 views

Sensitive Information Disclosure in extension "Media Content Element" (mediace)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2020-014...

7.5CVSS9AI score0.02721EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•27 views

TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-001...

4.3CVSS7.2AI score0.01188EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•27 views

TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-001...

4.3CVSS7.2AI score0.01188EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/30 2:0 p.m.•27 views

CVE-2020-5275: All rules set in "access_control" are required when the firewall is configured with the unanimous strategy

More info at https://symfony.com/cve-2020-5275...

8.1CVSS7.2AI score0.01148EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/18 10:16 p.m.•27 views

SQL injection with processing username

More info at https://www.phpmyadmin.net/security/PMASA-2020-2/...

8CVSS7.2AI score0.02694EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/02/04 11:40 a.m.•27 views

Relative Path Traversal (CWE-23) in chunked uploads

Description Impact The vulnerability was identified in the web service for a chunked file upload. While the names of the POST parameters vary with the used frontend, their values are always used in the same way to build a path where the chunks are stored and assembled temporarily. By not validati...

6.5CVSS8.6AI score0.03929EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/01/18 10:13 p.m.•27 views

SQL injection relating to searching

More info at https://www.phpmyadmin.net/security/PMASA-2020-3/...

6CVSS7.7AI score0.02115EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/01/01 1:54 p.m.•27 views

SQL injection in user accounts page

More info at https://www.phpmyadmin.net/security/PMASA-2020-1/...

8.8CVSS7.2AI score0.38778EPSS
Exploits4Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:51 a.m.•27 views

SQL Injection in low-level Query Generator

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-025...

7.2CVSS7.2AI score0.00868EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•27 views

PRODSECBUG-2419: Bypass of sitemp access restrictions

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.5CVSS7.2AI score0.00992EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•27 views

PRODSECBUG-2425: Cross-Site Scripting via Signifyd Guarantee Option Translation Override

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 1:49 p.m.•27 views

CVE-2019-12245: Incorrect access control vulnerability in files uploaded to protected folders

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12245/...

5.3CVSS7.2AI score0.01369EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:39 a.m.•27 views

Insecure Deserialization in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-020...

8.8CVSS7.2AI score0.01525EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•27 views

PRODSECBUG-2364: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/12/11 9:55 a.m.•27 views

Cross-Site Scripting in CKEditor

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-005...

6.1CVSS9.7AI score0.01954EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/11/06 11:52 a.m.•27 views

CVE-2018-19790: Open Redirect Vulnerability on login

More info at https://symfony.com/cve-2018-19790...

6.1CVSS7.2AI score0.01485EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/10/21 6:5 p.m.•27 views

Loading JS from user space where the username is not a registered account is dangerous and should be banned

More info at https://phabricator.wikimedia.org/T207603...

6.1CVSS7.2AI score0.01285EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/02/20 9:35 p.m.•27 views

jQuery vulnerability with untrusted domains.

More info at https://www.drupal.org/SA-CORE-2018-001...

6.1CVSS7.2AI score0.01247EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/11/16 3:14 p.m.•27 views

CVE-2017-16790: Ensure that submitted data are uploaded files

More info at https://symfony.com/cve-2017-16790...

6.5CVSS7.2AI score0.01553EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/11/15 8:53 a.m.•27 views

SQL injection vulnerabililty in the front end listing module

More info at https://contao.org/en/news/contao-448.html...

9.8CVSS7.2AI score0.01178EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/11/15 8:51 a.m.•27 views

SQL injection vulnerabililty in the back end search filter

More info at https://contao.org/en/news/contao-448.html...

9.8CVSS7.2AI score0.01178EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/04/26 1:24 p.m.•27 views

Unauthenticated encryption in CBC mode

More info at https://simplesamlphp.org/security/201704-01...

5.9CVSS7.2AI score0.00875EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/03/17 9:34 a.m.•27 views

Multiple timing side-channel issues

More info at https://simplesamlphp.org/security/201703-01...

5.9CVSS7.2AI score0.01446EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/09/21 6:39 p.m.•27 views

Full config export can be downloaded without administrative permissions

More info at https://www.drupal.org/SA-CORE-2016-004...

4.3CVSS7.2AI score0.01716EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/07/18 8:27 p.m.•27 views

HTTP Proxy header vulnerability

Bug Fixes - Removed support for using HTTPPROXY environment variable for non-CLI apps per CVE-2016-5385 httpoxy. Graham Campbell 143 145 - Convert BUGSNAGNOTIFYRELEASESTAGES to a comma-delimited array Jason Graham Campbell 142 144...

8.1CVSS6.3AI score0.50427EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/15 6:57 p.m.•27 views

Form API ignores access restrictions on submit buttons

More info at https://www.drupal.org/SA-CORE-2016-001...

7.5CVSS7.2AI score0.0136EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/08/12 3:53 p.m.•27 views

Remote code execution in templates

More info at https://symfony.com/blog/security-release-twig-1-20-0...

6.8CVSS7.2AI score0.03398EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/07/10 6:12 p.m.•27 views

class yii\web\ViewAction allowed to include arbitrary files that end with .php

More info at https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/...

9.8CVSS7.2AI score0.0074EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/05/26 11:55 p.m.•27 views

CVE-2015-4050: ESI unauthorized access

More info at https://symfony.com/cve-2015-4050...

4.3CVSS7.2AI score0.08269EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/09/03 7:37 a.m.•27 views

Denial of service with a malicious HTTP Host header

More info at https://symfony.com/cve-2014-5244...

7.2AI score0.01663EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/06/30 7:15 a.m.•27 views

The CDetailView widget allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property

More info at https://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/...

7.5CVSS7.2AI score0.02122EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2013/08/17 9:14 a.m.•27 views

Request::getHost() poisoning

More info at https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released...

6.1CVSS7.2AI score0.02313EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

Deserialization Gadget chain in Swift Mailer

Summary Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserialize user input in his project. Details This vulnerability present no direct threat but is a vector that will enable remote code executio...

9CVSS5.7AI score0.01485EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

CVE-2019-10910: Check service IDs are valid

More info at https://symfony.com/cve-2019-10910...

9.8CVSS7.2AI score0.0595EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

More info at https://symfony.com/cve-2019-18888...

7.5CVSS7.2AI score0.02248EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

CVE-2019-10909: Escape validation messages in the PHP templating engine

More info at https://symfony.com/cve-2019-10909...

5.4CVSS7.2AI score0.01048EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702