Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2015/05/19 5:40 p.m.•25 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/05/07 8:16 a.m.•25 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/02/12 1:44 p.m.•25 views

A directory traversal vulnerability allows back end users to view files outside their document root

More info at https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html...

4.3CVSS5AI score0.01419EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/09/16 10:0 p.m.•25 views

SQL injection vector when manually quoting values for sqlsrv extension, using null byte

More info at https://framework.zend.com/security/advisory/ZF2014-06...

9.8CVSS7.2AI score0.0255EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/09/14 6:13 p.m.•25 views

Potential XXE security issue

improved XXE fix CVE-2014-2053...

7.5CVSS9.3AI score0.04681EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/09/03 7:38 a.m.•25 views

Security issue when parsing the Authorization header

More info at https://symfony.com/cve-2014-6061...

7.2AI score0.00956EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/05/22 9:34 a.m.•25 views

Possible Host Spoofing through SERVER_NAME

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...

5CVSS7.2AI score0.02662EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2013/08/17 7:55 a.m.•25 views

Validation metadata serialization and loss of information

More info at https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released...

8.1CVSS7.2AI score0.01445EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2013/01/15 9:16 p.m.•25 views

Ability to enable/disable PHP parsing in Yaml::parse()

More info at https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released...

7.5CVSS6.8AI score0.01619EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2010/04/26 4:6 p.m.•25 views

Multiple XSS vulnerabilities exploitable on Internet Explorer

More info at http://htmlpurifier.org/security/2010/css-quoting...

4.3CVSS7.2AI score0.00902EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

Existing sessions are not correctly invalidated when a user changes their password

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10641.html...

9.8CVSS7.2AI score0.01048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

CVE-2019-18889: Forbid serializing AbstractAdapter and TagAwareAdapter instances

More info at https://symfony.com/cve-2019-18889...

9.8CVSS7.2AI score0.33247EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

CVE-2019-12186: XSS injection in the Grid component

More info at https://sylius.com/blog/cve-2019-12186/...

4.8CVSS7.2AI score0.00552EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

CVE-2020-15245: Ability to switch customer email address on account detail page and stay verified

Impact The user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this way one is not able to take over any...

4.3CVSS4.4AI score0.0062EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

Denial of Service via HTTP/2 CONTINUATION Frames

amphp/http will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. amphp/http-client and amphp/http-server are indirectly affected if they're used with an unpatched version of...

8.2CVSS7.8AI score0.83244EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

Password reset phishing vulnerability

More info at https://laravel.com/docs/5.4/releaseslaravel-5.4.22...

6.1CVSS7.2AI score0.00959EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010

More info at https://www.drupal.org/sa-core-2020-010...

6.1CVSS7.2AI score0.00643EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

Moderately critical - Third-party libraries - SA-CORE-2019-007

More info at https://www.drupal.org/SA-CORE-2019-007...

9.8CVSS7.2AI score0.05586EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008

More info at https://www.drupal.org/sa-core-2020-008...

5.3CVSS7.2AI score0.00928EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

More info at https://symfony.com/cve-2019-18888...

7.5CVSS7.2AI score0.02248EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/06/09 10:36 a.m.•24 views

TYPO3-EXT-SA-2023-004: Cross-Site Scripting in extension "Faceted Search" (ke_search)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-004...

5.8CVSS6.9AI score0.00341EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/02/07 9:24 a.m.•24 views

TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering

More info at https://typo3.org/security/advisory/typo3-core-sa-2023-001...

8.8CVSS7.2AI score0.00831EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/12/22 2:49 a.m.•24 views

CVE-2022-46170: Potential Session Handlers Vulnerability

Impact When an application uses 1 multiple session cookies e.g., one for user pages and one for admin pages and 2 a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie e.g., one for user pages, they may be able to access pages...

9.8CVSS9.1AI score0.00841EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/09/13 8:6 a.m.•24 views

TYPO3-CORE-SA-2022-007: User Enumeration via Response Timing

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-007...

5.3CVSS7.2AI score0.00977EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/07/25 7:29 p.m.•24 views

Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack.

Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...

7.2CVSS6.3AI score0.00615EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/06/14 7:11 a.m.•24 views

TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-005...

7.2CVSS7.2AI score0.01165EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/05/05 6:38 a.m.•24 views

Cross site scripting via canonical URL

More info at https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html...

7.2CVSS7.2AI score0.04396EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/11/21 12:0 a.m.•24 views

CVE-2022-38146 - URL XSS vulnerability due to outdated jquery in CMS

More info at https://www.silverstripe.org/download/security-releases/cve-2022-38146...

5.4CVSS7.2AI score0.00529EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/06/07 10:31 p.m.•24 views

CVE-2021-25817 XXE: Vulnerability in CSSContentParser

More info at https://www.silverstripe.org/download/security-releases/cve-2021-25817...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/04/06 1:43 p.m.•24 views

Improper Certificate Validation in phpseclib

More info at https://github.com/phpseclib/phpseclib/pull/1635...

7.5CVSS7.3AI score0.01055EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/03/16 8:58 a.m.•24 views

TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-008...

5.4CVSS5.8AI score0.00872EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/03/16 8:58 a.m.•24 views

TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-006...

7.5CVSS7.8AI score0.00918EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:51 a.m.•24 views

Insecure Deserialization in Query Generator & Query View

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-026...

8.8CVSS7.2AI score0.01267EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/11/13 8:0 a.m.•24 views

CVE-2019-11325: Fix escaping of strings in VarExporter

More info at https://symfony.com/cve-2019-11325...

9.8CVSS7.2AI score0.03354EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•24 views

PRODSECBUG-2445: Insufficient logging and monitoring of configuration changes

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.3CVSS7.2AI score0.00811EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 5:1 p.m.•24 views

CVE-2019-12204: Missing warning on install.php on public webroot can lead to unauthenticated admin access

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12204/...

9.8CVSS7.2AI score0.0146EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:38 a.m.•24 views

Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-015...

6.1CVSS7.2AI score0.00685EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•24 views

PRODSECBUG-2245: Stored cross-site scripting in store shipping methods configuration

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.01222EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•24 views

PRODSECBUG-2226: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•24 views

PRODSECBUG-2298: Arbitrary code execution through product imports and design layout update

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2CVSS7.2AI score0.01921EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•24 views

PRODSECBUG-2363: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•24 views

PRODSECBUG-2387: Cross site request forgery attacks are possible via the gift card removal feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

6.5CVSS7.2AI score0.00439EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:42 a.m.•24 views

Possible Arbitrary Code Execution in Image Processing

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-012...

9.3CVSS7.2AI score0.03917EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/03/26 12:0 a.m.•24 views

SUPEE-11086 - RCE, XSS, CSRF and other vulnerabilities

More info at https://magento.com/security/patches/supee-11086...

9.8CVSS7.2AI score0.1545EPSS
Exploits2Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/09/20 10:5 p.m.•24 views

Potential enwiki DOS due to slow WatchedItemStore::countVisitingWatchersMultiple

More info at https://phabricator.wikimedia.org/T204729...

7.5CVSS7.2AI score0.0231EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/09/20 5:24 a.m.•24 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment I'm afraid this change is wrong. fileexists is not the only...

7.5CVSS2.9AI score0.26172EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/05/25 12:12 p.m.•24 views

CVE-2018-11385: Session Fixation Issue for Guard Authentication

More info at https://symfony.com/cve-2018-11385...

8.1CVSS7.2AI score0.02014EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/02/26 3:21 p.m.•24 views

Incorrect signature validation

More info at https://simplesamlphp.org/security/201802-01...

7.5CVSS7.2AI score0.01262EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/02/20 9:35 p.m.•24 views

Comment reply form allows access to restricted content.

More info at https://www.drupal.org/SA-CORE-2018-001...

8.1CVSS7.2AI score0.0123EPSS
Exploits1Affected Software1
Total number of security vulnerabilities1702