Lucene search
K
FriendsofphpRecent

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•22 views

PRODSECBUG-2445: Insufficient logging and monitoring of configuration changes

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.3CVSS7.2AI score0.00811EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•25 views

PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00591EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 5:1 p.m.•22 views

CVE-2019-14273: Broken Access control on files

More info at https://www.silverstripe.org/download/security-releases/cve-2019-14273/...

5.3CVSS7.2AI score0.01106EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 5:1 p.m.•33 views

CVE-2019-16409: Secureassets and versionedfiles modules can expose versions of protected files

More info at https://www.silverstripe.org/download/security-releases/cve-2019-16409/...

5.3CVSS7.2AI score0.01203EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 5:1 p.m.•19 views

CVE-2019-14272: XSS in file titles managed through the CMS

More info at https://www.silverstripe.org/download/security-releases/cve-2019-14272/...

5.4CVSS7.2AI score0.00725EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 5:1 p.m.•23 views

CVE-2019-12204: Missing warning on install.php on public webroot can lead to unauthenticated admin access

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12204/...

9.8CVSS7.2AI score0.0146EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 5:1 p.m.•17 views

CVE-2019-12617: Access escalation for CMS users with limited access through permission cache pollution

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12617/...

4CVSS7.2AI score0.00855EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 4:51 p.m.•15 views

CVE-2019-12203: Session fixation in "change password" form

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12203/...

6.3CVSS7.2AI score0.0038EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 1:49 p.m.•27 views

CVE-2019-12245: Incorrect access control vulnerability in files uploaded to protected folders

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12245/...

5.3CVSS7.2AI score0.01369EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 1:49 p.m.•26 views

CVE-2020-9280: Folders migrated from 3.x may be unsafe to upload to

More info at https://www.silverstripe.org/download/security-releases/cve-2020-9280/...

7.5CVSS7.2AI score0.01686EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/19 2:0 a.m.•16 views

Circumvents open_basedir INI directive

ADVISORY: This release circumvents openbasedir in the requestinithook. If you rely on the openbasedir INI directive, we highly recommended you upgrade to 0.30.2. Fixed Shutdown span flushing blocking the process when forked 493 Memory access errors in cases when PHP code was run after extension...

0.4AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/19 2:0 a.m.•18 views

Circumvents open_basedir INI directive

ADVISORY: This release circumvents openbasedir in the requestinithook. If you rely on the openbasedir INI directive, we highly recommended you upgrade to 0.30.2. Fixed - Shutdown span flushing blocking the process when forked 493 - Memory access errors in cases when PHP code was run after extensi...

7.4AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/02 10:25 p.m.•12 views

EZSA-2019-006 Rules to disable executable access are ignored on Platform.sh (eZ Cloud)

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-006-rules-to-disable-executable-access-are-ignored-on-platform.sh-ez-cloud...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/02 10:25 p.m.•12 views

EZSA-2019-007 Prevent accepting app.php in URL in Platform.sh

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-007-prevent-accepting-app.php-in-url-in-platform.sh...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/08/15 7:16 p.m.•25 views

Exposed suppressed username via Special:Redirect

More info at https://phabricator.wikimedia.org/T230402...

5.3CVSS7.2AI score0.01768EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/07/16 4:24 p.m.•33 views

Critical - Access bypass

More info at https://www.drupal.org/sa-core-2019-008...

9.8CVSS7.2AI score0.01861EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/07/16 4:24 p.m.•14 views

Critical - Access bypass

More info at https://www.drupal.org/sa-core-2019-008...

9.8CVSS7.2AI score0.01861EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/07/08 12:27 p.m.•16 views

Vulnerability to bypass two-factor authentication with unverified JWT trusted device token

Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication. Please either disable the trusted feature in your application or upgrade to a bundle...

4.5AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/07/08 12:27 p.m.•10 views

Vulnerability to bypass two-factor authentication with unverified JWT trusted device token

Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication. Please either disable the trusted feature in your application or upgrade to a bundle...

6.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/07/04 12:28 p.m.•33 views

EZSA-2019-005 Bundled jQuery affected by CVE-2019-11358

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-005-bundled-jquery-affected-by-cve-2019-11358...

6.1CVSS9.7AI score0.87218EPSS
Exploits4Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/07/01 12:55 p.m.•42 views

XXE Vulnerability

This is: - a bugfix - a new feature - X security Checklist: - X Changes are covered by unit tests - X Code style is respected - X Commit message explains why the change is made see https://github.com/erlang/otp/wiki/Writing-good-commit-messages - X CHANGELOG.md contains a short summary of the...

8.8CVSS8.7AI score0.0135EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/27 12:0 a.m.•9 views

EZSA-2019-004 CSRF token in login form is disabled by default

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-004-csrf-token-in-login-form-is-disabled-by-default...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:40 a.m.•16 views

Broken Access Control in Import Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-017...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:40 a.m.•14 views

Broken Access Control in Import Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-017...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:40 a.m.•32 views

Possible deserialization side-effects in symfony/cache

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-016...

7.1CVSS7.2AI score0.02302EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:40 a.m.•32 views

Possible deserialization side-effects in symfony/cache

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-016...

7.1CVSS7.2AI score0.02302EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:39 a.m.•27 views

Insecure Deserialization in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-020...

8.8CVSS7.2AI score0.01525EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:39 a.m.•32 views

Insecure Deserialization in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-020...

8.8CVSS7.2AI score0.01525EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:39 a.m.•11 views

Arbitrary Code Execution and Cross-Site Scripting in Backend API

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-019...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:39 a.m.•13 views

Arbitrary Code Execution and Cross-Site Scripting in Backend API

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-019...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:39 a.m.•42 views

Security Misconfiguration in Frontend Session Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-018...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:39 a.m.•12 views

Security Misconfiguration in Frontend Session Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-018...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:38 a.m.•24 views

Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-015...

6.1CVSS7.2AI score0.00685EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:38 a.m.•23 views

Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-015...

6.1CVSS7.2AI score0.00685EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:38 a.m.•9 views

Information Disclosure in Backend User Interface

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-014...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:38 a.m.•10 views

Information Disclosure in Backend User Interface

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-014...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•38 views

PRODSECBUG-2273: Sensitive data disclosure though malicious email templates

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

6.5CVSS7.2AI score0.0095EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•37 views

PRODSECBUG-2349: Arbitrary code execution via file upload in admin import feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

9CVSS7.2AI score0.02421EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•72 views

PRODSECBUG-2351: Arbitrary code execution via crafted sitemap creation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2CVSS7.2AI score0.02413EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•55 views

PRODSECBUG-2353: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•43 views

PRODSECBUG-2363: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•42 views

PRODSECBUG-2343: Insecure Direct Object Reference (IDOR) vulnerability can lead to deletion of downloadable products folder

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.5CVSS7.2AI score0.0073EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•36 views

PRODSECBUG-2345: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•36 views

PRODSECBUG-2347: Insufficient brute-forcing defenses in the token exchange protocol could be abused in carding attacks

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.5CVSS7.2AI score0.01175EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•35 views

PRODSECBUG-2375: Arbitrary code execution via malicious XML layouts

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2CVSS7.2AI score0.01921EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•35 views

PRODSECBUG-2380: Stored cross-site scripting in the Currency Symbols field

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•46 views

PRODSECBUG-2387: Cross site request forgery attacks are possible via the gift card removal feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

6.5CVSS7.2AI score0.00439EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•48 views

PRODSECBUG-2346: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•53 views

PRODSECBUG-2270: Reflected cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•52 views

PRODSECBUG-2275: Unsafe functionality is exposed via email templates manipulation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

6.5CVSS7.2AI score0.00805EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702