Friendsofphp - Page 22 of Friendsofphp Vulnerabilities List

Friends Of PHP•added 2016/08/15 6:5 p.m.•13 views

SS-2016-007: VersionedRequestFilter vulnerability

More info at https://www.silverstripe.org/download/security-releases/ss-2016-007/...

Friends Of PHP•added 2016/07/19 1:3 p.m.•13 views

Information Disclosure in TYPO3 Backend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-017...

Friends Of PHP•added 2016/07/19 1:3 p.m.•20 views

Environment Variable Injection

More info at https://typo3.org/security/advisory/typo3-core-sa-2016-019...

8.1CVSS9.7AI score0.50427EPSS

Friends Of PHP•added 2016/07/19 1:3 p.m.•13 views

SQL Injection in TYPO3 Frontend Login

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-016...

Friends Of PHP•added 2016/07/19 1:3 p.m.•9 views

Cross-Site Scripting vulnerability in typolinks

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-018...

Friends Of PHP•added 2016/07/19 1:3 p.m.•16 views

Cross-Site Scripting in third party library mso/idna-convert

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-020...

Friends Of PHP•added 2016/07/19 1:3 p.m.•8 views

Cross-Site Scripting in TYPO3 Backend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-014/...

Friends Of PHP•added 2016/07/19 1:3 p.m.•11 views

Insecure Unserialize in TYPO3 Import/Export

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-015...

Friends Of PHP•added 2016/07/18 8:27 p.m.•26 views

HTTP Proxy header vulnerability

Bug Fixes - Removed support for using HTTPPROXY environment variable for non-CLI apps per CVE-2016-5385 httpoxy. Graham Campbell 143 145 - Convert BUGSNAGNOTIFYRELEASESTAGES to a comma-delimited array Jason Graham Campbell 142 144...

8.1CVSS6.3AI score0.50427EPSS

Friends Of PHP•added 2016/07/18 8:27 p.m.•39 views

HTTP Proxy header vulnerability

Bug Fixes Removed support for using HTTPPROXY environment variable for non-CLI apps per CVE-2016-5385 httpoxy. Graham Campbell 143 145 Convert BUGSNAGNOTIFYRELEASESTAGES to a comma-delimited array Jason Graham Campbell 142 144...

5.1CVSS0.9AI score0.50427EPSS

Friends Of PHP•added 2016/07/18 4:37 p.m.•35 views

HTTP Proxy header vulnerability

More info at https://twitter.com/asyncphp/status/755136084917583872...

8.1CVSS6.8AI score0.50427EPSS

Friends Of PHP•added 2016/07/18 4:1 p.m.•32 views

Drupal Core - Highly Critical - Injection - SA-CORE-2016-003

More info at https://www.drupal.org/SA-CORE-2016-003...

8.1CVSS9.7AI score0.50427EPSS

Friends Of PHP•added 2016/07/18 4:1 p.m.•29 views

Drupal Core - Highly Critical - Injection - SA-CORE-2016-003

More info at https://www.drupal.org/SA-CORE-2016-003...

8.1CVSS9.7AI score0.50427EPSS

Friends Of PHP•added 2016/07/15 5:44 p.m.•29 views

HTTP Proxy header vulnerability

Addressing HTTPPROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/. Please update to this version of Guzzle in order to mitigate the vulnerability when sending Guzzle requests inside of a CGI application. - Fixing timeout bug with StreamHandler - Only read up to Content-Length in...

8.1CVSS6.3AI score0.50427EPSS

Friends Of PHP•added 2016/07/15 8:22 a.m.•33 views

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2 (see CVE-2013-1967)

More info at https://contao.org/en/news/contao-3515.html...

4.3CVSS6.8AI score0.02214EPSS

Friends Of PHP•added 2016/07/14 1:33 p.m.•77 views

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2 (see CVE-2013-1967)

More info at https://contao.org/en/news/contao-3515.html...

4.3CVSS6.6AI score0.06405EPSS

Friends Of PHP•added 2016/07/14 1:33 p.m.•49 views

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2 (see CVE-2013-1967)

More info at https://contao.org/en/news/contao-3515.html...

4.3CVSS6.8AI score0.02214EPSS

Friends Of PHP•added 2016/07/13 12:17 p.m.•11 views

Cross-Site Scripting in TYPO3 Backend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-021...

Friends Of PHP•added 2016/07/13 12:17 p.m.•15 views

Cache Flooding in TYPO3 Frontend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-022...

Friends Of PHP•added 2016/07/06 5:1 p.m.•25 views

Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select

More info at https://framework.zend.com/security/advisory/ZF2016-02...

9.8CVSS7.2AI score0.02047EPSS

Friends Of PHP•added 2016/06/15 8:59 p.m.•19 views

Saving user accounts can sometimes grant the user all roles

More info at https://www.drupal.org/SA-CORE-2016-002...

8.8CVSS7.2AI score0.02531EPSS

Friends Of PHP•added 2016/06/15 8:59 p.m.•24 views

Views can allow unauthorized users to see Statistics information

More info at https://www.drupal.org/SA-CORE-2016-002...

5.3CVSS7.2AI score0.02212EPSS

Friends Of PHP•added 2016/06/15 8:59 p.m.•20 views

Saving user accounts can sometimes grant the user all roles

More info at https://www.drupal.org/SA-CORE-2016-002...

8.8CVSS7.2AI score0.02531EPSS

Friends Of PHP•added 2016/06/15 8:59 p.m.•27 views

Views can allow unauthorized users to see Statistics information

More info at https://www.drupal.org/SA-CORE-2016-002...

5.3CVSS7.2AI score0.02212EPSS

Friends Of PHP•added 2016/06/06 9:50 a.m.•13 views

Link injection

More info at https://simplesamlphp.org/security/201606-01...

Friends Of PHP•added 2016/05/24 9:55 a.m.•8 views

Missing Access Check in TYPO3 CMS

More info at https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/...

Friends Of PHP•added 2016/05/11 11:9 a.m.•8 views

SS-2016-006: Missing CSRF protection in login form

More info at https://www.silverstripe.org/download/security-releases/ss-2016-006/...

Friends Of PHP•added 2016/05/11 11:9 a.m.•9 views

SS-2016-005: Brute force bypass on default admin

More info at https://www.silverstripe.org/download/security-releases/ss-2016-005/...

Friends Of PHP•added 2016/05/11 11:9 a.m.•12 views

SS-2016-004: XSS in CMS Edit Page

More info at https://www.silverstripe.org/download/security-releases/ss-2016-004/...

Friends Of PHP•added 2016/05/09 9:34 p.m.•26 views

CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password

More info at https://symfony.com/cve-2016-2403...

9.8CVSS7.2AI score0.02925EPSS

Friends Of PHP•added 2016/05/09 9:34 p.m.•25 views

CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password

More info at https://symfony.com/cve-2016-2403...

9.8CVSS7.2AI score0.02925EPSS

Friends Of PHP•added 2016/05/09 9:34 p.m.•34 views

CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password

More info at https://symfony.com/cve-2016-2403...

9.8CVSS7.2AI score0.02925EPSS

Friends Of PHP•added 2016/05/09 9:13 p.m.•28 views

CVE-2016-4423: Large username storage in session

More info at https://symfony.com/cve-2016-4423...

7.5CVSS7.2AI score0.01862EPSS

Friends Of PHP•added 2016/05/09 9:13 p.m.•22 views

CVE-2016-4423: Large username storage in session

More info at https://symfony.com/cve-2016-4423...

7.5CVSS7.2AI score0.01862EPSS

Friends Of PHP•added 2016/05/09 9:13 p.m.•23 views

CVE-2016-4423: Large username storage in session

More info at https://symfony.com/cve-2016-4423...

7.5CVSS7.2AI score0.01862EPSS

Friends Of PHP•added 2016/04/13 5:30 p.m.•10 views

Potential Insufficient Entropy Vulnerability in ZF1

More info at https://framework.zend.com/security/advisory/ZF2016-01...

Friends Of PHP•added 2016/04/12 12:7 p.m.•10 views

Cross-Site Scripting in TYPO3 Backend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-009/...

Friends Of PHP•added 2016/04/12 12:7 p.m.•13 views

Arbitrary File Disclosure in Form Component

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-010/...

Friends Of PHP•added 2016/04/12 12:7 p.m.•12 views

Authentication Bypass in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-011/...

Friends Of PHP•added 2016/04/12 12:7 p.m.•9 views

Privilege Escalation in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-012/...

Friends Of PHP•added 2016/04/08 8:54 a.m.•15 views

Unauthenticated Remote Code Execution Vulnerability

More info at https://community.shopware.com/detail1918.html...

10CVSS7.2AI score0.28217EPSS

Exploits2Affected Software1

Friends Of PHP•added 2016/03/16 12:0 a.m.•13 views

Uses insecure CSPRNG (openssl_random_pseudo_bytes())

It's not fork safe In most versions of PHP, it lies about being secure And today I learned that OpenSSL, by default i.e. unchangable from PHP land uses MD5 as a CSPRNG thanks @atoponce I'm stuck between several possible avenues: Release a new version v1.3.0 or most likely v2.0.0 that doesn't rely...

1.1AI score

Friends Of PHP•added 2016/03/16 12:0 a.m.•10 views

Uses insecure CSPRNG (openssl_random_pseudo_bytes())

It's not fork safe - In most versions of PHP, it lies about being secure - And today I learned that OpenSSL, by default i.e. unchangable from PHP land uses MD5 as a CSPRNG thanks @atoponce I'm stuck between several possible avenues: - Release a new version v1.3.0 or most likely v2.0.0 that...

7.1AI score

Friends Of PHP•added 2016/03/07 1:4 p.m.•25 views

Information leakage issue in the sanitycheck module

More info at https://simplesamlphp.org/security/201603-01...

5.3CVSS7.2AI score0.01339EPSS

Friends Of PHP•added 2016/02/23 12:28 p.m.•11 views

XML External Entity (XXE) Processing in TYPO3 Core

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-005/...