Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
added 2018/05/25 12:12 p.m.19 views

CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password

More info at https://symfony.com/cve-2018-11407...

9.8CVSS7.2AI score0.02345EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/04/19 4:7 p.m.19 views

Access bypass

More info at https://www.drupal.org/SA-2017-002...

7.5CVSS7.2AI score0.01606EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/03/15 8:19 p.m.19 views

Editor module incorrectly checks access to inline private files

More info at https://www.drupal.org/SA-2017-001...

7.5CVSS7.2AI score0.01891EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/02/28 3:37 p.m.19 views

An error during signature verification can be treated as a successful verification.

…nse. In order to verify Signatures on Logoutrequests and LogoutResponses we use the verifySignature of the class XMLSecurityKey from the xmlseclibs library. That method end up calling opensslverify depending on the signature algorithm used. The opensslverify function returns 1 when the signature...

2.1AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/11/16 6:45 p.m.19 views

Incorrect cache context on password reset page

More info at https://www.drupal.org/SA-CORE-2016-005...

7.5CVSS7.2AI score0.01004EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/11/16 6:45 p.m.19 views

Denial of service via transliterate mechanism

More info at https://www.drupal.org/SA-CORE-2016-005...

6.5CVSS7.2AI score0.01719EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/11/23 2:30 p.m.19 views

Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word

More info at https://framework.zend.com/security/advisory/ZF2015-09...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/11/23 11:45 a.m.19 views

CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service

More info at https://symfony.com/cve-2015-8125...

7.5CVSS7.2AI score0.02545EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/08/31 1:2 p.m.19 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

7.8CVSS7.2AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/05/10 3:38 a.m.19 views

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

4.3CVSS7.2AI score0.01521EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/04/01 6:55 p.m.19 views

Esi Code Injection

More info at https://symfony.com/cve-2015-2308...

6.8CVSS7.2AI score0.01365EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/03/12 1:58 p.m.19 views

Invalid CSRF validation of null or incorrectly formatted token identifiers

More info at https://framework.zend.com/security/advisory/ZF2015-03...

8.8CVSS8.9AI score0.00656EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/09/03 7:40 a.m.19 views

Direct access of ESI URLs behind a trusted proxy

More info at https://symfony.com/cve-2014-5245...

7.2AI score0.00812EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

Cross-Site Scripting

I've picked up on the work started over at 276 and rebased on erusev/master. Since this is rebased on master, I can't point at PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggested earlier so that all attributes are...

4.3CVSS5.8AI score0.012EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

PHP Code Injection

phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...

7.5CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

Padding Oracle Vulnerability in RSA Encryption

See https://framework.zend.com/security/advisory/ZF2015-10 it's essentially the same vulnerability The text was updated successfully, but these errors were encountered: All reactions...

2.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

Prevent installation typosquatting malware

More info at https://www.kernelmode.blog/typosquatting-malware-found-in-composer-repository/...

0.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

CVE-2024-50341: Security::login does not take into account custom user_checker

More info at https://symfony.com/cve-2024-50341...

3.1CVSS6.6AI score0.00318EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

CVE-2024-51736: Command execution hijack on Windows with Process class

More info at https://symfony.com/cve-2024-51736...

9.8CVSS6.6AI score0.0043EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

CVE-2019-12205: Clipboard Reflected XSS

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12205/...

6.1CVSS7.2AI score0.00883EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

Padding Oracle Vulnerability in RSA Encryption

Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...

6.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

XSS vulnerability on contacts view

Impact Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populat...

8.3CVSS6.7AI score0.00642EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

Use token when logging out

More info at https://phabricator.wikimedia.org/T25227...

8.8CVSS7.2AI score0.00848EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/02/08 10:45 p.m.18 views

Denial of Service via "MadeYouReset" vulnerability

Versions of amphp/http-server prior to 3.4.4 for the 3.x release branch and prior to 2.1.10 for the 2.x release branch are vulnerable to the HTTP/2 "MadeYouReset" DoS attack described by CVE-2025-8671 and https://kb.cert.org/vuls/id/767506. In versions 3.4.4 and 2.1.10, stream reset protection ha...

7.5CVSS5.4AI score0.04604EPSS
Exploits3Affected Software1
Friends Of PHP
Friends Of PHP
added 2024/09/09 8:51 a.m.18 views

Possible sandbox bypass

More info at https://symfony.com/blog/twig-security-release-possible-sandbox-bypass...

8.6CVSS6.7AI score0.00826EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/12/13 11:55 a.m.18 views

TYPO3-EXT-SA-2023-010: Broken Access Control in extension "femanager" (femanager)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-010...

7.2AI score0.00341EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/12/13 11:23 a.m.18 views

TYPO3-EXT-SA-2022-016: Insufficient Session Expiration after Password Change in extension "Change password for frontend users" (fe_change_pwd)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-016...

7.5CVSS9AI score0.00441EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/05/25 11:11 a.m.18 views

CVE-2022-29254 - Failed payment recorded has completed

More info at https://www.silverstripe.org/download/security-releases/cve-2022-29254...

6.5CVSS7.2AI score0.00618EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/02/04 8:13 a.m.18 views

Possible SQL injection in widget field value

Description Impact The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility. Patches The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0. For more information If you have any questions ...

0.6AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/09/28 7:36 p.m.18 views

CVE-2021-41106: File reference keys leads to incorrect hashes on HMAC algorithms

Description Impact Users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and,...

2.1CVSS0.2AI score0.00199EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/05/12 8:0 a.m.18 views

CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms

More info at https://symfony.com/cve-2021-21424...

5.3CVSS5.7AI score0.01712EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.18 views

PRODSECBUG-2412: Cross-Site Scripting via Location Name

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/09/19 2:0 a.m.18 views

Circumvents open_basedir INI directive

ADVISORY: This release circumvents openbasedir in the requestinithook. If you rely on the openbasedir INI directive, we highly recommended you upgrade to 0.30.2. Fixed - Shutdown span flushing blocking the process when forked 493 - Memory access errors in cases when PHP code was run after extensi...

7.4AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/11 4:34 p.m.18 views

CVE-2019-12149: Potential SQL injection in restfulserver and registry modules

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12149...

9.8CVSS7.2AI score0.01355EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/11/06 11:52 a.m.18 views

CVE-2018-19790: Open Redirect Vulnerability on login

More info at https://symfony.com/cve-2018-19790...

6.1CVSS7.2AI score0.01485EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/09/20 6:59 p.m.18 views

$wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie'

More info at https://phabricator.wikimedia.org/T169545...

4CVSS5.6AI score0.0153EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/09/14 3:26 p.m.18 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment I'm afraid this change is wrong. fileexists is not the only...

7.5CVSS2.9AI score0.26172EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/07/07 11:34 a.m.18 views

When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information

More info at https://phabricator.wikimedia.org/T187638...

6.5CVSS6.7AI score0.02797EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/05/29 6:12 p.m.18 views

PHP Code Injection

phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...

7.5CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/05/25 12:12 p.m.18 views

CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password

More info at https://symfony.com/cve-2018-11407...

9.8CVSS7.2AI score0.02345EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/05/25 11:46 a.m.18 views

CVE-2018-11408: Open redirect vulnerability on security handlers

More info at https://symfony.com/cve-2018-11408...

6.1CVSS7.2AI score0.01139EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/01/31 10:34 a.m.18 views

Use of insecure connection charset (sqlauth module)

More info at https://simplesamlphp.org/security/201801-03...

9.8CVSS7.2AI score0.03111EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/01/13 11:13 p.m.18 views

The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

8.8CVSS7.2AI score0.00592EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/09/14 2:30 p.m.18 views

XSS in the url field on the password workspace grid and sidebar

More info at https://www.passbolt.com/incidents/20170914xssonresourceurls...

5.4CVSS5.8AI score0.00516EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/02/26 10:15 p.m.18 views

Arbitrary shell execution

Security Advisory - This release contains a fix for a security advisory related to the improper handling of shell commands - Uses of shellexec and exec were not escaping filenames and configuration settings in most cases - A properly crafted filename or configuration option would allow for...

8.1AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/11/16 6:45 p.m.18 views

Inconsistent name for term access query

More info at https://www.drupal.org/SA-CORE-2016-005...

4.3CVSS7.2AI score0.01957EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/11/16 6:45 p.m.18 views

Inconsistent name for term access query

More info at https://www.drupal.org/SA-CORE-2016-005...

4.3CVSS7.2AI score0.01957EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/11/16 6:45 p.m.18 views

Denial of service via transliterate mechanism

More info at https://www.drupal.org/SA-CORE-2016-005...

6.5CVSS7.2AI score0.01719EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/09/15 6:52 p.m.18 views

Filesystem Permissions Issues in Multiple Components

More info at https://framework.zend.com/security/advisory/ZF2015-07...

7.2CVSS7.6AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/08/31 12:59 p.m.18 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

7.8CVSS7.2AI score0.00381EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702