Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2018/11/06 11:52 a.m.•23 views

CVE-2018-19789: Temporary uploaded file path disclosure

More info at https://symfony.com/cve-2018-19789...

5.3CVSS7.2AI score0.03589EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/05/25 11:46 a.m.•23 views

CVE-2018-11386: Denial of service when using PDOSessionHandler

More info at https://symfony.com/cve-2018-11386...

5.9CVSS7.2AI score0.01607EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/04/18 9:51 a.m.•23 views

Cross-site scripting (XSS) vulnerability in the system log of the back end

More info at https://contao.org/en/news/contao-3535.html...

6.1CVSS6.5AI score0.00811EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/02/20 9:35 p.m.•23 views

JavaScript cross-site scripting prevention is incomplete.

More info at https://www.drupal.org/SA-CORE-2018-001...

6.1CVSS7.2AI score0.01644EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/02/20 9:35 p.m.•23 views

Private file access bypass.

More info at https://www.drupal.org/SA-CORE-2018-001...

5.3CVSS7.2AI score0.0104EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/11/16 3:14 p.m.•23 views

CVE-2017-16652: Open redirect vulnerability on security handlers

More info at https://symfony.com/cve-2017-16652...

6.1CVSS7.2AI score0.00949EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/11/16 3:14 p.m.•23 views

CVE-2017-16652: Open redirect vulnerability on security handlers

More info at https://symfony.com/cve-2017-16652...

6.1CVSS7.2AI score0.00949EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/08/16 5:10 p.m.•23 views

Views does not properly restrict access to the Ajax endpoint.

More info at https://www.drupal.org/SA-CORE-2017-004...

6.5CVSS7.2AI score0.01628EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/06/21 6:13 p.m.•23 views

PECL YAML parser unsafe object handling

More info at https://www.drupal.org/SA-CORE-2017-003...

9.8CVSS7.2AI score0.20482EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/12/03 12:16 p.m.•23 views

Incorrect signature verification

More info at https://simplesamlphp.org/security/201612-03...

7.5CVSS7.2AI score0.01261EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/09/21 6:39 p.m.•23 views

Users without "Administer comments" can set comment visibility on nodes they can edit

More info at https://www.drupal.org/SA-CORE-2016-004...

4.3CVSS7.2AI score0.01678EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/08/28 11:50 p.m.•23 views

XSS vulnerability in old test script

JPCERT Coordination Center JPCERT/CC reported the following vulnerability in ADOdb. As a workaround until hotfix is released, we recommend all users to remove the whole ./tests directory; it is only used for development purposes and is not necessary for normal ADOdb operations. --- Report...

6.1CVSS5.9AI score0.01946EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/05/09 9:13 p.m.•23 views

CVE-2016-4423: Large username storage in session

More info at https://symfony.com/cve-2016-4423...

7.5CVSS7.2AI score0.01862EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/15 6:57 p.m.•23 views

Open redirect via path manipulation

More info at https://www.drupal.org/SA-CORE-2016-001...

7.4CVSS7.2AI score0.0192EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/15 6:57 p.m.•23 views

Email address can be matched to an account

More info at https://www.drupal.org/SA-CORE-2016-001...

5.3CVSS7.2AI score0.0215EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/15 6:57 p.m.•23 views

Session data truncation can lead to unserialization of user provided data

More info at https://www.drupal.org/SA-CORE-2016-001...

8.1CVSS7.2AI score0.0319EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/15 6:57 p.m.•23 views

Open redirect via double-encoded 'destination' parameter

More info at https://www.drupal.org/SA-CORE-2016-001...

7.4CVSS7.2AI score0.01352EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/05/10 3:38 a.m.•23 views

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

4.3CVSS7.2AI score0.01521EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/05/07 8:16 a.m.•23 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/04/01 6:55 p.m.•23 views

Esi Code Injection

More info at https://symfony.com/cve-2015-2308...

6.8CVSS7.2AI score0.01365EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/04/01 6:55 p.m.•23 views

Unsafe methods in the Request class

More info at https://symfony.com/cve-2015-2309...

7.2AI score0.00785EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/02/18 7:15 p.m.•23 views

Potential SQL injection in PostgreSQL Zend\Db adapter

More info at https://framework.zend.com/security/advisory/ZF2015-02...

9.8CVSS9.7AI score0.01103EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/09/03 7:40 a.m.•23 views

CSRF vulnerability in the Web Profiler

More info at https://symfony.com/cve-2014-6072...

7.2AI score0.01485EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2013/04/11 10:24 a.m.•23 views

Local file exposure on Windows installations

More info at https://groups.google.com/forum/?fromgroups=!topic/sabredav-discuss/ehOUu7wTSGQ...

5CVSS6.4AI score0.01779EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2013/01/15 9:21 p.m.•23 views

Ability to enable/disable object support in YAML parsing and dumping

More info at https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released...

7.5CVSS6.7AI score0.01619EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

PHP Code Injection

phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...

7.5CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

PHP Code Injection

phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...

7.5CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

CVE-2019-10910: Check service IDs are valid

More info at https://symfony.com/cve-2019-10910...

9.8CVSS7.2AI score0.0595EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

CVE-2019-10913: Reject invalid HTTP method overrides

More info at https://symfony.com/cve-2019-10913...

9.8CVSS7.2AI score0.01854EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004

More info at https://www.drupal.org/sa-core-2020-004...

8.8CVSS7.2AI score0.00695EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

9.6CVSS7.2AI score0.02395EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

9.6CVSS7.2AI score0.02694EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011

More info at https://www.drupal.org/sa-core-2020-011...

7.5CVSS7.2AI score0.01106EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Drupal core - Less critical - Access bypass - SA-CORE-2020-006

More info at https://www.drupal.org/sa-core-2020-006...

9.8CVSS7.2AI score0.01275EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011

More info at https://www.drupal.org/sa-core-2020-011...

7.5CVSS7.2AI score0.01106EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

CVE-2019-10911: Add a separator in the remember me cookie hash

More info at https://symfony.com/cve-2019-10911...

7.5CVSS7.2AI score0.01243EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Insecure Random Number Generator

Insecure RNG: stormpath-sdk-php/src/Util/UUID.php Lines 167 to 181 in 15aee30 / Generate an UUID version 4 pseudo random / static private function generateRandom$ns, $node $uuid = self::$muuidfield; $uuid'timehi' = 4 12 | mtrand0, 0x1000; $uuid'clockseqhi' = 1 7 | mtrand0, 128; $uuid'timelow' =...

0.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/11/27 6:31 p.m.•22 views

phpseclib vulnerable to denial of service

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2f25-pfq3-c7h8. This link is maintained to preserve external references. Original Description In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees in binary fields can lead to a denial...

7.5CVSS7AI score0.00762EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/11/20 2:58 p.m.•22 views

TYPO3-EXT-SA-2023-009: Insecure Direct Object Reference in extension "Content Consent" (content_consent)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-009...

6.8AI score0.00598EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/12/13 9:19 a.m.•22 views

TYPO3-CORE-SA-2022-017: By-passing Cross-Site Scripting Protection in HTML Sanitizer

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-017...

6.1CVSS7.2AI score0.00438EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/03/17 4:15 p.m.•22 views

Path manipulation

matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. The issue was fixed in version 3.0.6...

9.8CVSS9.4AI score0.01381EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/03/06 1:37 p.m.•22 views

Path Traversal within joomla/archive zip class

More info at https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html...

5.5CVSS7.2AI score0.01161EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/11/16 9:38 p.m.•22 views

Cross-Site Scripting through Fluid view helper arguments

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-009...

8CVSS7.2AI score0.01026EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/25 11:16 a.m.•22 views

Vulnerability which allows remote image dimensions check to be used to SSRF

More info at https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636...

5.8CVSS7.2AI score0.00966EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/14 1:26 p.m.•22 views

CVE-2020-9311: Malicious user profile information can cause login form XSS

More info at https://www.silverstripe.org/download/security-releases/cve-2020-9311/...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/30 2:0 p.m.•22 views

CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header

More info at https://symfony.com/cve-2020-5255...

4.3CVSS7.2AI score0.01297EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•22 views

PRODSECBUG-2445: Insufficient logging and monitoring of configuration changes

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.3CVSS7.2AI score0.00811EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 5:1 p.m.•22 views

CVE-2019-14273: Broken Access control on files

More info at https://www.silverstripe.org/download/security-releases/cve-2019-14273/...

5.3CVSS7.2AI score0.01106EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•22 views

PRODSECBUG-2370: Reflected cross-site scripting on customer cart page

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

6.1CVSS7.2AI score0.01042EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702