Friendsofphp - Page 17 of Friendsofphp Vulnerabilities List

Friends Of PHP•added 2018/10/30 2:55 p.m.•6 views

EZSA-2018-009 Do not interpret PHP/PHAR uploads

More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads...

Friends Of PHP•added 2018/10/21 6:5 p.m.•24 views

Loading JS from user space where the username is not a registered account is dangerous and should be banned

More info at https://phabricator.wikimedia.org/T207603...

6.1CVSS7.2AI score0.01285EPSS

Friends Of PHP•added 2018/10/19 2:12 p.m.•7 views

EZSA-2018-008 REST API returns list of all SiteAccesses

More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-008-rest-api-returns-list-of-all-siteaccesses...

Friends Of PHP•added 2018/10/18 1:58 p.m.•5 views

By-passing Protection of PharStreamWrapper Interceptor

More info at https://typo3.org/security/advisory/typo3-psa-2018-001...

Friends Of PHP•added 2018/10/17 12:52 p.m.•8 views

EZSA-2018-006 XSS vulnerability in 'disabled module' error template

More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template...

Friends Of PHP•added 2018/10/17 9:52 a.m.•10 views

EZSA-2018-005 Passwordless login for LDAP users

More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users...

Friends Of PHP•added 2018/10/02 12:1 a.m.•14 views

Action case insensitivity

Fix security breach = required role for action was not required for Action nor ACTION. Thanks to [email protected]...

1.7AI score

Friends Of PHP•added 2018/10/02 12:1 a.m.•11 views

Action case insensitivity

Fix security breach = required role for action was not required for Action nor ACTION. Thanks to [email protected]...

Friends Of PHP•added 2018/09/20 10:5 p.m.•22 views

Potential enwiki DOS due to slow WatchedItemStore::countVisitingWatchersMultiple

More info at https://phabricator.wikimedia.org/T204729...

7.5CVSS7.2AI score0.0231EPSS

Friends Of PHP•added 2018/09/20 7:59 p.m.•45 views

1.31.0 tarball is missing .htaccess files

More info at https://phabricator.wikimedia.org/T199029...

5.3CVSS7.2AI score0.02056EPSS

Friends Of PHP•added 2018/09/20 6:59 p.m.•16 views

$wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie'

More info at https://phabricator.wikimedia.org/T169545...

4CVSS5.6AI score0.01517EPSS

Friends Of PHP•added 2018/09/20 6:59 p.m.•20 views

BotPassword can bypass CentralAuth's account lock

More info at https://phabricator.wikimedia.org/T194605...

6.5CVSS6.7AI score0.01916EPSS

Exploits1Affected Software1

Friends Of PHP•added 2018/09/20 6:59 p.m.•19 views

$wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie'

More info at https://phabricator.wikimedia.org/T169545...

4.3CVSS5AI score0.01517EPSS

Friends Of PHP•added 2018/09/20 5:24 a.m.•23 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment I'm afraid this change is wrong. fileexists is not the only...

7.5CVSS2.9AI score0.26172EPSS

Friends Of PHP•added 2018/09/20 5:24 a.m.•18 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS

Friends Of PHP•added 2018/09/14 3:26 p.m.•17 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

7.5CVSS2.9AI score0.26172EPSS

Friends Of PHP•added 2018/09/14 3:26 p.m.•18 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS

Friends Of PHP•added 2018/09/10 12:0 a.m.•10 views

Magento 2.2.6 and 2.1.15 Security update

More info at https://magento.com/security/patches/magento-2.2.6-and-2.1.15-security-update...

Friends Of PHP•added 2018/07/25 9:55 a.m.•10 views

SS-2018-016: Unsafe SQL Query Construction (Safe Data Source)

More info at https://www.silverstripe.org/download/security-releases/ss-2018-016/...

Friends Of PHP•added 2018/07/17 4:53 p.m.•9 views

SS-2018-018: Database credentials disclosure during connection failure

More info at https://www.silverstripe.org/download/security-releases/ss-2018-018/...

Friends Of PHP•added 2018/07/16 5:29 p.m.•7 views

SS-2018-017: Possible PHP Object Injection via Multi-Value Field Extension

More info at https://www.silverstripe.org/download/security-releases/ss-2018-017/...

Friends Of PHP•added 2018/07/12 9:34 a.m.•9 views

Privilege Escalation & SQL Injection in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-003...

Friends Of PHP•added 2018/07/12 9:34 a.m.•10 views

Authentication Bypass in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-001...

Friends Of PHP•added 2018/07/12 9:34 a.m.•13 views

Insecure Deserialization in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-004...

Friends Of PHP•added 2018/07/12 9:34 a.m.•14 views

Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-002...

Friends Of PHP•added 2018/07/12 9:34 a.m.•15 views

Authentication Bypass in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-001...

Friends Of PHP•added 2018/07/12 9:34 a.m.•15 views

Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-002...

Friends Of PHP•added 2018/07/12 9:34 a.m.•13 views

Privilege Escalation & SQL Injection in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-003...

Friends Of PHP•added 2018/07/12 9:34 a.m.•12 views

Insecure Deserialization in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-004...

Friends Of PHP•added 2018/07/08 11:47 p.m.•13 views

CSRF vulnerability in the admin panel

More info at https://sylius.com/blog/csrf-vulnerability-in-admin-panel/...

Friends Of PHP•added 2018/07/08 11:47 p.m.•10 views

CSRF vulnerability in the admin panel

More info at https://sylius.com/blog/csrf-vulnerability-in-admin-panel/...

Friends Of PHP•added 2018/07/07 11:34 a.m.•18 views

When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information

More info at https://phabricator.wikimedia.org/T187638...

6.5CVSS6.7AI score0.02797EPSS

Friends Of PHP•added 2018/06/29 12:0 a.m.•9 views

SUPEE-10752 - Multiple security enhancements vulnerabilities

More info at https://magento.com/security/patches/supee-10752...

Friends Of PHP•added 2018/06/28 12:0 a.m.•11 views

Adminer script versions up to 4.6.2 contains file disclosure vulnerability

More info at https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability...

Friends Of PHP•added 2018/06/28 12:0 a.m.•15 views

Adminer script versions up to 4.6.2 contains file disclosure vulnerability

More info at https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability...

0.7AI score

Friends Of PHP•added 2018/06/27 12:0 a.m.•6 views

Magento 2.2.5 and 2.1.14 Security update

More info at https://magento.com/security/patches/magento-2.2.5-and-2.1.14-security-update...

Friends Of PHP•added 2018/06/11 3:28 p.m.•9 views

URL Rewrite vulnerability

More info at https://framework.zend.com/security/advisory/ZF2018-01...

Friends Of PHP•added 2018/06/11 3:28 p.m.•12 views

URL Rewrite vulnerability

More info at https://framework.zend.com/security/advisory/ZF2018-01...

Friends Of PHP•added 2018/06/11 3:28 p.m.•10 views

URL Rewrite vulnerability

More info at https://framework.zend.com/security/advisory/ZF2018-01...

Friends Of PHP•added 2018/06/11 3:28 p.m.•8 views

URL Rewrite vulnerability

More info at https://framework.zend.com/security/advisory/ZF2018-01...

Friends Of PHP•added 2018/05/29 6:12 p.m.•16 views

PHP Code Injection

phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...

7.5CVSS9.7AI score0.06195EPSS

Exploits1Affected Software1

Friends Of PHP•added 2018/05/29 6:12 p.m.•32 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS

Exploits1Affected Software1

Friends Of PHP•added 2018/05/25 12:12 p.m.•17 views

CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password

More info at https://symfony.com/cve-2018-11407...

9.8CVSS7.2AI score0.02345EPSS

Friends Of PHP•added 2018/05/25 12:12 p.m.•18 views

CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password

More info at https://symfony.com/cve-2018-11407...

9.8CVSS7.2AI score0.02345EPSS