Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2019/06/17 5:0 p.m.•10 views

Information Disclosure Security Note

More info at https://www.neos.io/blog/neos-workspace-disclosure-security.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/01/22 8:41 a.m.•10 views

Cross-Site Scripting in Fluid ViewHelpers

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-005...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/12/12 12:21 p.m.•10 views

SS-2018-019: Possible denial of service attack vector when flushing

More info at https://www.silverstripe.org/download/security-releases/ss-2018-019/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/12/11 9:56 a.m.•10 views

Denial of Service in Frontend Record Registration

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-012...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/12/11 9:56 a.m.•10 views

Cross-Site Scripting in Backend Modal Component

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-007...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/12/10 2:21 p.m.•10 views

SS-2018-007: CSRF vulnerability in graphql

More info at https://www.silverstripe.org/download/security-releases/ss-2018-007/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/11/26 10:0 a.m.•10 views

SUPEE-10975 - Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities

More info at https://magento.com/security/patches/supee-10975...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/07/25 9:55 a.m.•10 views

SS-2018-016: Unsafe SQL Query Construction (Safe Data Source)

More info at https://www.silverstripe.org/download/security-releases/ss-2018-016/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/07/17 4:53 p.m.•10 views

SS-2018-018: Database credentials disclosure during connection failure

More info at https://www.silverstripe.org/download/security-releases/ss-2018-018/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/07/12 9:34 a.m.•10 views

Authentication Bypass in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-001...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/07/08 11:47 p.m.•10 views

CSRF vulnerability in the admin panel

More info at https://sylius.com/blog/csrf-vulnerability-in-admin-panel/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/06/11 3:28 p.m.•10 views

URL Rewrite vulnerability

More info at https://framework.zend.com/security/advisory/ZF2018-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/06/11 3:28 p.m.•10 views

URL Rewrite vulnerability

More info at https://framework.zend.com/security/advisory/ZF2018-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/05/10 11:59 a.m.•10 views

SS-2018-001: Privilege Escalation Risk in Member Edit form

More info at https://www.silverstripe.org/download/security-releases/ss-2018-001/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/03/06 3:40 p.m.•10 views

Potential SQL injection vector

The SelectLimit function has a potential SQLi exploit through the use of the nrows and offset parameters which are not forced to integers. Fixes 400...

7.1AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/12/07 1:27 p.m.•10 views

SS-2017-006: Session user agent change detection

More info at https://www.silverstripe.org/download/security-releases/ss-2017-006/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/09/28 3:37 p.m.•10 views

SS-2017-005: User enumeration via timing attack on login and password reset forms

More info at https://www.silverstripe.org/download/security-releases/ss-2017-005/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/09/05 11:37 a.m.•10 views

Arbitrary Code Execution in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/05/09 7:42 p.m.•10 views

Cookie leakage to wrong origins and non-restricted cookie acceptance

Security and maintenance release. - Security: Previously cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax follows newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, b...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/02/28 3:37 p.m.•10 views

An error during signature verification can be treated as a successful verification.

Security update for signature validation on LogoutRequest/LogoutResponse. In order to verify Signatures on Logoutrequests and LogoutResponses we use the verifySignature of the class XMLSecurityKey from the xmlseclibs library. That method end up calling opensslverify depending on the signature...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/02/01 10:45 a.m.•10 views

Remote Code Execution in Qquoteadv/controllers/DownloadController.php

More info at https://cart2quote.zendesk.com/hc/en-us/articles/115000616303--FIXED-Security-Vulnerability-in-downloadCustomOptionAction...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/01/03 1:29 p.m.•10 views

Remote Code Execution in third party library swiftmailer

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-001/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/12/19 3:29 p.m.•10 views

Potential remote code execution in zend-mail via Sendmail adapter

More info at https://framework.zend.com/security/advisory/ZF2016-04...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/08/30 10:37 a.m.•10 views

Critical vulnerabilities in JSON Web Token libraries

More info at https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/04/12 12:7 p.m.•10 views

Cross-Site Scripting in TYPO3 Backend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-009/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/23 12:28 p.m.•10 views

Cross-Site Scripting in TYPO3 component Backend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/17 5:50 p.m.•10 views

SS-2016-002: CSRF vulnerability in GridFieldAddExistingAutocompleter

More info at https://www.silverstripe.org/download/security-releases/ss-2016-002/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/16 12:32 p.m.•10 views

SQL Injection in dbal

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-016/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/11/23 2:30 p.m.•10 views

Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word

More info at https://framework.zend.com/security/advisory/ZF2015-09...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/11/23 9:24 a.m.•10 views

Arbitrary file upload and XML External Entity processing

More info at https://www.neos.io/blog/flow-sa-2015-001.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/11/05 10:8 p.m.•10 views

Remote File Inclusion through View template name manipulation

More info at https://bakery.cakephp.org/2015/11/05/cakephp30153142612276released.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/09/15 5:15 p.m.•10 views

Filesystem Permissions Issues in Multiple Components

More info at https://framework.zend.com/security/advisory/ZF2015-07...

7.8CVSS7.2AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/09/15 4:9 p.m.•10 views

Filesystem Permissions Issues in Multiple Components

More info at https://framework.zend.com/security/advisory/ZF2015-07...

7.8CVSS7.2AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/09/14 9:17 a.m.•10 views

SS-2015-015: XSS in dev/build returnURL Parameter

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-015/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/08/31 2:32 p.m.•10 views

SS-2015-018: File upload exposure on UserForms module

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-018/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/07/08 1:51 p.m.•10 views

Forced Redirect to External Website

More info at https://www.orocrm.com/blog/news/orocrm-security-announcement...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/07/01 9:10 a.m.•10 views

Access bypass when editing file metadata

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/05/28 1:5 p.m.•10 views

SS-2015-014: Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-014/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/03/28 6:24 p.m.•10 views

Privilege Escalation in TYPO3 Neos

More info at https://www.neos.io/blog/neos-sa-2015-001.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/03/20 7:29 p.m.•10 views

SS-2016-015: XSS In OptionsetField and CheckboxSetField

More info at https://www.silverstripe.org/download/security-releases/ss-2016-015/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/02/24 5:46 p.m.•10 views

XSS injection in backoffice

More info at https://thelia.net/version-2-1-2-with-security-fix...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/01/14 10:0 p.m.•10 views

Session validation vulnerability

More info at https://framework.zend.com/security/advisory/ZF2015-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/04/07 10:30 a.m.•10 views

Insufficient input validation allows for code injection and remote execution

More info at https://contao.org/en/news/new-security-hole-found-in-contao.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/02/26 4:2 p.m.•10 views

Potential XSS vector in multiple view helpers

More info at https://framework.zend.com/security/advisory/ZF2014-03...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/02/17 3:37 p.m.•10 views

Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer

More info at https://framework.zend.com/security/advisory/ZF2014-02...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2013/10/10 8:30 a.m.•10 views

Possible DOS attack with long user-submitted passwords

More info at https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released...

5CVSS7.2AI score0.01868EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2013/03/13 3:4 p.m.•10 views

Potential SQL injection due to execution of platform-specific SQL containing interpolations

More info at https://framework.zend.com/security/advisory/ZF2013-03...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2012/11/28 10:4 a.m.•10 views

local file access in `Client:send` via manipulation of `$protocol` argument

security fix: hardened the Client::send method against misuse of the $method argument issue 81. Abusing its value, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakne...

7.3AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2012/11/08 8:33 a.m.•10 views

Vulnerability in the EntityUserProvider as provided in the Doctrine bridge

More info at https://symfony.com/blog/security-release-symfony-2-0-6...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2012/09/20 3:22 p.m.•10 views

Denial of Service vector via XEE injection

More info at https://framework.zend.com/security/advisory/ZF2012-02...

7.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities1702