
1702 matches found

Friends Of PHP
• added 2017/02/26 10:15 p.m. • 20 views

Arbitrary shell execution

Security Advisory: This release contains a fix for a security advisory related to the improper handling of shell commands. Uses of shell_exec and exec were not escaping filenames and configuration settings in most cases. A properly crafted filename or configuration option would allow for arbitrary co...

0.9 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2017/02/26 10:15 p.m. • 16 views

Arbitrary shell execution

Security Advisory - This release contains a fix for a security advisory related to the improper handling of shell commands - Uses of shell_exec and exec were not escaping filenames and configuration settings in most cases - A properly crafted filename or configuration option would allow for...

8.1 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2017/02/07 12:0 a.m. • 11 views

SUPEE-9652 - Remote Code Execution using mail vulnerability

More info at https://magento.com/security/patches/supee-9652...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2017/02/07 12:0 a.m. • 7 views

SUPEE-9652 - Remote Code Execution using mail vulnerability

More info at https://magento.com/security/patches/supee-9652...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2017/02/01 10:45 a.m. • 19 views

Remote Code Execution in Qquoteadv/controllers/DownloadController.php

More info at https://cart2quote.zendesk.com/hc/en-us/articles/115000616303--FIXED-Security-Vulnerability-in-downloadCustomOptionAction...

0.8 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2017/02/01 10:45 a.m. • 8 views

Remote Code Execution in Qquoteadv/controllers/DownloadController.php

More info at https://cart2quote.zendesk.com/hc/en-us/articles/115000616303--FIXED-Security-Vulnerability-in-downloadCustomOptionAction...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2017/01/31 11:39 a.m. • 14 views

SS-2017-001: XSS In page name

More info at https://www.silverstripe.org/download/security-releases/ss-2017-001/...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2017/01/24 3:56 p.m. • 13 views

Remote Code Execution Vulnerability

More info at https://community.shopware.com/detail1989.html...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2017/01/19 8:19 a.m. • 11 views

Remote Code Execution Vulnerability

More info at https://community.shopware.com/detail1989.html...

1.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2017/01/19 8:19 a.m. • 7 views

Remote Code Execution Vulnerability

More info at https://community.shopware.com/detail1989.html...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2017/01/06 5:0 p.m. • 11 views

Security fix for Flow Swift Mailer package

More info at https://www.neos.io/blog/flow-sa-2017-01.html...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2017/01/06 5:0 p.m. • 11 views

Security fix for Flow Swift Mailer package

More info at https://www.neos.io/blog/flow-sa-2017-01.html...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2017/01/03 1:29 p.m. • 9 views

Cross-Site Scripting in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2017/01/03 1:29 p.m. • 10 views

Remote Code Execution in third party library swiftmailer

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-001/...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/12/29 10:1 a.m. • 23 views

Remote Code Execution when using the mail transport

More info at https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html...

9.8 CVSS • 9.7 AI score • 0.41827 EPSS
Exploits: 18 • Affected Software: 1
Friends Of PHP
• added 2016/12/28 12:28 p.m. • 36 views

Remote Code Execution

Important security update! This release patches the critical vulnerability described in CVE-2016-10045, a remote code execution vulnerability, responsibly reported by Dawid Golunski, and patched by Paul Buonopane @Zenexer. Possible side effect - complex sender addresses such as those used in VERP...

9.8 CVSS • 10 AI score • 0.98038 EPSS
Exploits: 19 • Affected Software: 1
Friends Of PHP
• added 2016/12/23 11:40 p.m. • 33 views

Remote Code Execution

SECURITY: Critical security update for CVE-2016-10033, please update now! Thanks to Dawid Golunski. - Add ability to extract the SMTP transaction ID from some common SMTP success messages - Minor documentation tweaks...

9.8 CVSS • 9.9 AI score • 0.99714 EPSS
Exploits: 58 • Affected Software: 1
Friends Of PHP
• added 2016/12/19 10:44 p.m. • 10 views

Potential remote code execution in zend-mail via Sendmail adapter

More info at https://framework.zend.com/security/advisory/ZF2016-04...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/12/19 3:29 p.m. • 7 views

Potential remote code execution in zend-mail via Sendmail adapter

More info at https://framework.zend.com/security/advisory/ZF2016-04...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/12/12 12:13 p.m. • 24 views

Incorrect persistent NameID generation

More info at https://simplesamlphp.org/security/201612-04...

9.8 CVSS • 7.2 AI score • 0.01656 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/12/03 12:16 p.m. • 21 views

Incorrect signature verification

More info at https://simplesamlphp.org/security/201612-03...

7.5 CVSS • 7.2 AI score • 0.01261 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/12/03 12:14 p.m. • 28 views

Incorrect signature verification

More info at https://simplesamlphp.org/security/201612-02...

6.3 CVSS • 7.2 AI score • 0.01188 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/11/29 1:12 p.m. • 24 views

Incorrect signature verification

More info at https://simplesamlphp.org/security/201612-01...

9.1 CVSS • 7.2 AI score • 0.02424 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/11/22 10:9 a.m. • 14 views

Path Traversal in TYPO3 Core

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024/...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/11/22 10:9 a.m. • 16 views

Insecure Unserialize in TYPO3 Backend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023/...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/11/18 12:17 p.m. • 7 views

SS-2016-010: ReadOnly transformation for formfields exploitable

More info at https://www.silverstripe.org/download/security-releases/ss-2016-010/...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/11/18 12:17 p.m. • 15 views

SS-2016-016: XSS In CMSSecurity BackURL

More info at https://www.silverstripe.org/download/security-releases/ss-2016-016/...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/11/16 6:45 p.m. • 18 views

Inconsistent name for term access query

More info at https://www.drupal.org/SA-CORE-2016-005...

4.3 CVSS • 7.2 AI score • 0.01957 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/11/16 6:45 p.m. • 17 views

Inconsistent name for term access query

More info at https://www.drupal.org/SA-CORE-2016-005...

4.3 CVSS • 7.2 AI score • 0.01957 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/11/16 6:45 p.m. • 18 views

Denial of service via transliterate mechanism

More info at https://www.drupal.org/SA-CORE-2016-005...

6.5 CVSS • 7.2 AI score • 0.01719 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/11/16 6:45 p.m. • 18 views

Denial of service via transliterate mechanism

More info at https://www.drupal.org/SA-CORE-2016-005...

6.5 CVSS • 7.2 AI score • 0.01719 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/11/16 6:45 p.m. • 16 views

Incorrect cache context on password reset page

More info at https://www.drupal.org/SA-CORE-2016-005...

7.5 CVSS • 7.2 AI score • 0.01004 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/11/16 6:45 p.m. • 19 views

Incorrect cache context on password reset page

More info at https://www.drupal.org/SA-CORE-2016-005...

7.5 CVSS • 7.2 AI score • 0.01004 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/11/13 5:52 p.m. • 50 views

RCE vulnerability in phpunit

More info at https://nvd.nist.gov/vuln/detail/CVE-2017-9841...

7.5 CVSS • 0.5 AI score • 0.99999 EPSS
Exploits: 19 • Affected Software: 1
Friends Of PHP
• added 2016/11/13 5:52 p.m. • 39 views

RCE vulnerability in phpunit

More info at https://nvd.nist.gov/vuln/detail/CVE-2017-9841...

9.8 CVSS • 9.7 AI score • 0.99999 EPSS
Exploits: 19 • Affected Software: 1
Friends Of PHP
• added 2016/11/01 5:0 p.m. • 10 views

Time-Based Information Disclosure Vulnerability in Flow

More info at https://www.neos.io/blog/flow-sa-2016-001.html...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/11/01 5:0 p.m. • 11 views

Time-Based Information Disclosure Vulnerability in Flow

More info at https://www.neos.io/blog/flow-sa-2016-001.html...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/10/31 9:0 a.m. • 13 views

Local File Inclusion Vulnerability

More info at https://hackerone.com/reports/179034...

0.1 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/10/31 9:0 a.m. • 14 views

Local File Inclusion Vulnerability

More info at https://hackerone.com/reports/179034...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/10/04 8:18 p.m. • 5 views

Null reset codes were allowed

More info at https://haxx.ml/post/149975211631/how-i-hacked-your-cfp-and-probably-some-other...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/10/04 8:18 p.m. • 13 views

Null reset codes were allowed

More info at https://haxx.ml/post/149975211631/how-i-hacked-your-cfp-and-probably-some-other...

0.3 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/10/04 3:39 p.m. • 25 views

Vulnerability to Response Wrapping attacks resulting in a malicious user gaining unauthorized access to a system.

Improve Signature validation process. Validates NameID only if strict is enabled...

6.5 AI score • 0.00262 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/09/27 8:6 a.m. • 10 views

ImageMagick driver does not escape all shell arguments.

More info at https://fuelphp.com/security-advisories...

0.4 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/09/27 8:6 a.m. • 13 views

ImageMagick driver does not escape all shell arguments.

More info at https://fuelphp.com/security-advisories...

7.2 AI score
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/09/21 6:39 p.m. • 15 views

Users without "Administer comments" can set comment visibility on nodes they can edit

More info at https://www.drupal.org/SA-CORE-2016-004...

4.3 CVSS • 7.2 AI score • 0.01678 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/09/21 6:39 p.m. • 22 views

Full config export can be downloaded without administrative permissions

More info at https://www.drupal.org/SA-CORE-2016-004...

4.3 CVSS • 7.2 AI score • 0.01716 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/09/21 6:39 p.m. • 20 views

Cross-site Scripting in http exceptions

More info at https://www.drupal.org/SA-CORE-2016-004...

6.1 CVSS • 7.2 AI score • 0.01488 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/09/21 6:39 p.m. • 22 views

Users without "Administer comments" can set comment visibility on nodes they can edit

More info at https://www.drupal.org/SA-CORE-2016-004...

4.3 CVSS • 7.2 AI score • 0.01678 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/09/21 6:39 p.m. • 16 views

Cross-site Scripting in http exceptions

More info at https://www.drupal.org/SA-CORE-2016-004...

6.1 CVSS • 7.2 AI score • 0.01488 EPSS
Exploits: 0 • Affected Software: 1
Friends Of PHP
• added 2016/09/21 6:39 p.m. • 26 views

Full config export can be downloaded without administrative permissions

More info at https://www.drupal.org/SA-CORE-2016-004...

4.3 CVSS • 7.2 AI score • 0.01716 EPSS
Exploits: 0 • Affected Software: 1
Total number of security vulnerabilities: 1702