Friendsofphp - Page 19 of Friendsofphp Vulnerabilities List

Friends Of PHP•added 2018/02/20 9:35 p.m.•24 views

Comment reply form allows access to restricted content.

More info at https://www.drupal.org/SA-CORE-2018-001...

8.1CVSS7.2AI score0.0123EPSS

Exploits1Affected Software1

Friends Of PHP•added 2018/02/19 1:4 p.m.•11 views

SQL injection possible with limit() on MySQL

The limit query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: php UserQuery::create-limit'1;DROP TABLE users'-find; This will drop the users table! The cause appears to be a lack of integer casting of the limit input in either...

8.5AI score

Friends Of PHP•added 2018/02/16 1:38 p.m.•14 views

SQL injection possible with limit() on MySQL

8.5AI score

Friends Of PHP•added 2018/02/12 7:47 p.m.•54 views

HTTP Proxy header vulnerability

Bugfixes Mitigate HTTPoxy vulnerability 23...

5.1CVSS0.4AI score0.50427EPSS

Friends Of PHP•added 2018/02/12 7:47 p.m.•43 views

HTTP Proxy header vulnerability

Bugfixes Mitigate HTTPoxy vulnerability 23...

8.1CVSS6.4AI score0.50427EPSS

Friends Of PHP•added 2018/02/06 4:4 p.m.•9 views

EZSA-2018-001 Several vulnerabilities in Forgot password, Information collector, XML text, and Matrix field type features

More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features...

Friends Of PHP•added 2018/02/01 5:33 p.m.•7 views

SS-2018-004: XSS Vulnerability via WYSIWYG editor

More info at https://www.silverstripe.org/download/security-releases/ss-2018-004/...

Friends Of PHP•added 2018/01/31 10:34 a.m.•24 views

Open redirection protection bypass

More info at https://simplesamlphp.org/security/201801-02...

6.1CVSS7.2AI score0.0086EPSS

Friends Of PHP•added 2018/01/31 10:34 a.m.•18 views

Use of insecure connection charset (sqlauth module)

More info at https://simplesamlphp.org/security/201801-03...

9.8CVSS7.2AI score0.03111EPSS

Exploits1Affected Software1

Friends Of PHP•added 2018/01/25 10:23 a.m.•24 views

Denial of Service in timestamp validation function

More info at https://simplesamlphp.org/security/201801-01...

7.5CVSS7.2AI score0.01728EPSS

Friends Of PHP•added 2018/01/22 12:30 p.m.•12 views

Non-Persistent XSS

More info at https://community.shopware.com/detail2048.html...

Friends Of PHP•added 2018/01/22 8:41 a.m.•27 views

Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

7.5CVSS7.2AI score0.02913EPSS

Friends Of PHP•added 2018/01/22 8:41 a.m.•24 views

Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

7.5CVSS7.2AI score0.02913EPSS

Friends Of PHP•added 2018/01/18 9:14 a.m.•22 views

XSS vulnerabililty in the front end "unsubscribe" module of the newsletter extension

More info at https://contao.org/en/news/contao-3532.html...

6.1CVSS7.2AI score0.00411EPSS

Friends Of PHP•added 2018/01/16 10:51 a.m.•19 views

Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air.

Bugfixes Fixed a security issue discovered by @hernandev that enabled an attacker to impersonate any registered user in a Firebase application...

6.8CVSS7.7AI score0.01335EPSS

Friends Of PHP•added 2018/01/16 10:51 a.m.•19 views

Bugfixes Fixed a security issue discovered by @hernandev that enabled an attacker to impersonate any registered user in a Firebase application...

8.1CVSS7.9AI score0.01335EPSS

Friends Of PHP•added 2018/01/13 11:13 p.m.•18 views

The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

8.8CVSS7.2AI score0.00603EPSS

Friends Of PHP•added 2018/01/13 11:13 p.m.•16 views

The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

8.8CVSS7.2AI score0.00603EPSS

Friends Of PHP•added 2017/12/07 1:46 p.m.•8 views

SS-2017-010: install.php discloses sensitive data by pre-populating DB credential forms

More info at https://www.silverstripe.org/download/security-releases/ss-2017-010/...

Friends Of PHP•added 2017/12/07 1:27 p.m.•9 views

SS-2017-007: CSV Excel Macro Injection

More info at https://www.silverstripe.org/download/security-releases/ss-2017-007/...

Friends Of PHP•added 2017/12/07 1:27 p.m.•11 views

SS-2017-009: Users inadvertently passing sensitive data to LoginAttempt

More info at https://www.silverstripe.org/download/security-releases/ss-2017-009/...

Friends Of PHP•added 2017/12/07 1:27 p.m.•11 views

SS-2017-008: SQL injection in full text search of SilverStripe 4

More info at https://www.silverstripe.org/download/security-releases/ss-2017-008/...

Friends Of PHP•added 2017/12/07 1:27 p.m.•10 views

SS-2017-006: Session user agent change detection

More info at https://www.silverstripe.org/download/security-releases/ss-2017-006/...

Friends Of PHP•added 2017/11/16 3:15 p.m.•29 views

CVE-2017-16654: Intl bundle readers breaking out of paths

More info at https://symfony.com/cve-2017-16654...

7.5CVSS7.2AI score0.02677EPSS

Friends Of PHP•added 2017/11/16 3:15 p.m.•26 views

CVE-2017-16654: Intl bundle readers breaking out of paths

More info at https://symfony.com/cve-2017-16654...

7.5CVSS7.2AI score0.02677EPSS

Friends Of PHP•added 2017/11/16 3:14 p.m.•25 views

CVE-2017-16790: Ensure that submitted data are uploaded files

More info at https://symfony.com/cve-2017-16790...

6.5CVSS7.2AI score0.01553EPSS

Friends Of PHP•added 2017/11/16 3:14 p.m.•32 views

CVE-2017-16652: Open redirect vulnerability on security handlers

More info at https://symfony.com/cve-2017-16652...

6.1CVSS7.2AI score0.00949EPSS

Friends Of PHP•added 2017/11/16 3:14 p.m.•28 views

CVE-2017-16790: Ensure that submitted data are uploaded files

More info at https://symfony.com/cve-2017-16790...

6.5CVSS7.2AI score0.01553EPSS

Friends Of PHP•added 2017/11/16 3:14 p.m.•23 views

CVE-2017-16652: Open redirect vulnerability on security handlers

More info at https://symfony.com/cve-2017-16652...

6.1CVSS7.2AI score0.00949EPSS

Friends Of PHP•added 2017/11/16 3:14 p.m.•22 views

CVE-2017-16652: Open redirect vulnerability on security handlers

More info at https://symfony.com/cve-2017-16652...

6.1CVSS7.2AI score0.00949EPSS

Friends Of PHP•added 2017/11/16 3:12 p.m.•34 views

CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS

More info at https://symfony.com/cve-2017-16653...

5.9CVSS7.2AI score0.01472EPSS

Friends Of PHP•added 2017/11/16 3:12 p.m.•28 views

CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS

More info at https://symfony.com/cve-2017-16653...

5.9CVSS7.2AI score0.01472EPSS

Friends Of PHP•added 2017/11/16 3:12 p.m.•25 views

CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS

More info at https://symfony.com/cve-2017-16653...

5.9CVSS7.2AI score0.01472EPSS

Friends Of PHP•added 2017/11/15 8:53 a.m.•25 views

SQL injection vulnerabililty in the front end listing module

More info at https://contao.org/en/news/contao-448.html...

Friends Of PHP•added 2017/11/15 8:53 a.m.•26 views

SQL injection vulnerabililty in the back end search filter and the front end listing module

More info at https://contao.org/en/news/contao-3531.html...

Friends Of PHP•added 2017/11/15 8:51 a.m.•37 views

SQL injection vulnerabililty in the back end search filter

More info at https://contao.org/en/news/contao-448.html...

Friends Of PHP•added 2017/11/15 8:51 a.m.•25 views

SQL injection vulnerabililty in the back end search filter

More info at https://contao.org/en/news/contao-448.html...

Friends Of PHP•added 2017/11/01 7:2 p.m.•21 views

Arbitrary code execution via a crafted email address

More info at https://github.com/zetacomponents/Mail/issues/58...

6.8CVSS7.8AI score0.10652EPSS

Exploits3Affected Software1

Friends Of PHP•added 2017/11/01 7:2 p.m.•51 views

Arbitrary code execution via a crafted email address

More info at https://github.com/zetacomponents/Mail/issues/58...

8.1CVSS7.2AI score0.10652EPSS

Exploits3Affected Software1

Friends Of PHP•added 2017/10/29 12:24 p.m.•8 views

XSS in class documenting_xmlrpc_server

More info at https://github.com/gggeek/phpxmlrpc-extras/releases/tag/0.6.1...

Friends Of PHP•added 2017/10/25 10:54 a.m.•26 views

Signature validation bypass (SAML 1.1)

More info at https://simplesamlphp.org/security/201710-01...

8.1CVSS7.2AI score0.01119EPSS

Friends Of PHP•added 2017/09/28 3:37 p.m.•10 views

SS-2017-005: User enumeration via timing attack on login and password reset forms

More info at https://www.silverstripe.org/download/security-releases/ss-2017-005/...

Friends Of PHP•added 2017/09/14 2:30 p.m.•16 views

XSS in the url field on the password workspace grid and sidebar

More info at https://www.passbolt.com/incidents/20170914xssonresourceurls...

5.4CVSS5.8AI score0.00516EPSS

Friends Of PHP•added 2017/09/05 11:37 a.m.•11 views

Cross-Site Scripting in TYPO3 CMS Backend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-004/...

Friends Of PHP•added 2017/09/05 11:37 a.m.•13 views

Information Disclosure in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/...

Friends Of PHP•added 2017/09/05 11:37 a.m.•9 views

Information Disclosure in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/...

Friends Of PHP•added 2017/09/05 11:37 a.m.•10 views

Arbitrary Code Execution in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/...

Friends Of PHP•added 2017/08/25 11:35 a.m.•21 views

Cross Site Scripting (XSS) in the consentAdmin module

More info at https://simplesamlphp.org/security/201709-01...

6.1CVSS7.2AI score0.01223EPSS

Friends Of PHP•added 2017/08/21 1:16 p.m.•7 views

EZSA-2017-006 Information disclosure in backend content tree menu

More info at http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu...