
1697 matches found

Friends Of PHP
• added 2019/06/25 6:39 a.m. • 11 views

Security Misconfiguration in Frontend Session Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-018...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2019/06/25 12:00 a.m. • 11 views

PRODSECBUG-2325: Denial-of-service by forcing a store to respond with a 404 error

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.5 CVSS • 7.2 AI score • 0.01175 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2019/06/25 12:00 a.m. • 11 views

PRODSECBUG-2346: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

4.8 CVSS • 7.2 AI score • 0.00557 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2019/06/25 12:00 a.m. • 11 views

PRODSECBUG-2132: Insecure Direct Object Reference (IDOR) vulnerability can expose sensitive company details

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

7.5 CVSS • 7.2 AI score • 0.01143 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2019/06/25 12:00 a.m. • 11 views

PRODSECBUG-2364: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

4.8 CVSS • 7.2 AI score • 0.00557 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2019/06/25 12:00 a.m. • 11 views

PRODSECBUG-2244: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8 CVSS • 7.2 AI score • 0.00557 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2019/06/17 5:00 p.m. • 11 views

Information Disclosure Security Note

More info at https://www.neos.io/blog/neos-workspace-disclosure-security.html...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2019/05/07 9:43 a.m. • 11 views

Information Disclosure in User Authentication

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-010...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2019/05/07 9:42 a.m. • 11 views

Security Misconfiguration in User Session Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-011...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2019/02/12 12:00 p.m. • 11 views

Retrieval of HTTP-only cookies

More info at https://www.passbolt.com/incidents/20190211multiplevulnerabilities...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2019/01/22 8:41 a.m. • 11 views

Broken Access Control in Localization Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-003...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2018/10/31 12:19 p.m. • 11 views

Possible DOS attack with long user-submitted passwords (correct fix for CVE-2013-5958)

See https://twitter.com/CiPHPerCoder/status/1050427719941525504 for discussion...

5 CVSS • 6.1 AI score • 0.01868 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2018/10/02 12:01 a.m. • 11 views

Action case insensitivity

Fix security breach = required role for action was not required for Action nor ACTION. Thanks to [email protected]...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2018/07/12 9:34 a.m. • 11 views

Insecure Deserialization in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-004...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2018/07/12 9:34 a.m. • 11 views

Insecure Deserialization in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-004...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2018/06/11 3:28 p.m. • 11 views

URL Rewrite vulnerability

More info at https://framework.zend.com/security/advisory/ZF2018-01...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2018/04/16 5:23 p.m. • 11 views

Crypt encryption compromised.

More info at https://fuelphp.com/security-advisories...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2018/01/22 12:30 p.m. • 11 views

Non-Persistent XSS

More info at https://community.shopware.com/detail2048.html...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2017/05/30 9:58 p.m. • 11 views

SS-2017-002: Member disclosure in login form

More info at https://www.silverstripe.org/download/security-releases/ss-2017-002/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2017/05/30 9:58 p.m. • 11 views

SS-2017-004: XSS in page history comparison

More info at https://www.silverstripe.org/download/security-releases/ss-2017-004/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2017/01/19 8:19 a.m. • 11 views

Remote Code Execution Vulnerability

More info at https://community.shopware.com/detail1989.html...

1.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2017/01/06 5:00 p.m. • 11 views

Security fix for Flow Swift Mailer package

More info at https://www.neos.io/blog/flow-sa-2017-01.html...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2017/01/06 5:00 p.m. • 11 views

Security fix for Flow Swift Mailer package

More info at https://www.neos.io/blog/flow-sa-2017-01.html...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2016/11/01 5:00 p.m. • 11 views

Time-Based Information Disclosure Vulnerability in Flow

More info at https://www.neos.io/blog/flow-sa-2016-001.html...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2016/07/19 1:03 p.m. • 11 views

Insecure Unserialize in TYPO3 Import/Export

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-015...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2016/05/11 11:09 a.m. • 11 views

SS-2016-004: XSS in CMS Edit Page

More info at https://www.silverstripe.org/download/security-releases/ss-2016-004/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2016/04/12 12:07 p.m. • 11 views

Authentication Bypass in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-011/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2016/02/17 5:55 p.m. • 11 views

SS-2015-028: Missing security check on dev/build/defaults

More info at https://www.silverstripe.org/download/security-releases/ss-2015-028/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/12/15 11:38 a.m. • 11 views

Cross-Site Scripting in TYPO3 component Indexed Search

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/09/15 3:50 p.m. • 11 views

Potential SQL injection vector using null byte for PDO (MsSql, SQLite)

More info at https://framework.zend.com/security/advisory/ZF2015-08...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/09/14 10:38 a.m. • 11 views

SS-2015-017: Forum Module CSRF Vulnerability

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-017/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/08/03 12:55 p.m. • 11 views

State guessing vulnerability

By doing this we're protecting against people trying to guess the state...

7 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/07/26 7:42 p.m. • 11 views

Critical SQL injection bug in the ODBC database driver

More info at https://forum.codeigniter.com/thread-65803.html...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/07/23 1:53 p.m. • 11 views

Insecure state generation

More info at https://github.com/laravel/socialite/pull/91...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/05/25 2:52 p.m. • 11 views

SS-2015-012: External redirection risk in Security?ReturnURL

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-012/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/05/25 10:52 a.m. • 11 views

SS-2015-011: Potential SQL Injection Vulnerability

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-011/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/03/28 6:24 p.m. • 11 views

Privilege Escalation in TYPO3 Neos

More info at https://www.neos.io/blog/neos-sa-2015-001.html...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/03/20 7:29 p.m. • 11 views

SS-2016-008: Password encryption salt expiry

More info at https://www.silverstripe.org/download/security-releases/ss-2016-008/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/03/20 2:57 p.m. • 11 views

SS-2015-009: XSS In rewritten hash links

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/03/20 12:10 p.m. • 11 views

SS-2014-015: IE requests not properly behaving with rewritehashlinks

More info at https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/03/19 4:54 p.m. • 11 views

SS-2015-008: SiteTree Creation Permission Vulnerability

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2015/02/12 3:55 p.m. • 11 views

SS-2015-004: TreeDropdownField and TreeMultiSelectField XSS

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-004/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2014/12/10 10:07 a.m. • 11 views

Possible cache poisoning on the homepage when anchors are used

More info at https://typo3.org/security/advisory/typo3-core-sa-2014-003...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2014/06/13 11:45 a.m. • 11 views

Sendmail transport arbitrary shell execution

More info at http://blog.swiftmailer.org/post/88660759928/security-fix-swiftmailer-5-2-1-released...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2014/06/11 1:46 p.m. • 11 views

Potential SQL injection in the ORDER implementation of Zend_Db_Select

More info at https://framework.zend.com/security/advisory/ZF2014-04...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2014/05/22 7:34 a.m. • 11 views

The ExtJS JavaScript framework that is shipped with TYPO3 is susceptible to XSS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2014/02/26 4:02 p.m. • 11 views

Potential XSS vector in multiple view helpers

More info at https://framework.zend.com/security/advisory/ZF2014-03...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2014/02/26 4:02 p.m. • 11 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2014/02/26 4:02 p.m. • 11 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
• added 2013/03/13 3:05 p.m. • 11 views

Potential Information Disclosure and Insufficient Entropy vulnerabilities in Zend\Math\Rand and Zend\Validate\Csrf Components

More info at https://framework.zend.com/security/advisory/ZF2013-02...

7.2 AI score
Exploits: 0 • Affected Software: 1

Total number of security vulnerabilities: 1697