1702 matches found

Friends Of PHP
• added 2016/02/23 12:28 p.m. • 13 views

Denial of Service attack possibility in TYPO3 component Indexed Search

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-008/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/23 12:28 p.m. • 10 views

Cross-Site Scripting in TYPO3 component CSS styled content

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-007/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/18 11:5 a.m. • 8 views

SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers

More info at https://www.silverstripe.org/download/security-releases/ss-2016-003/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/17 5:55 p.m. • 12 views

SS-2015-028: Missing security check on dev/build/defaults

More info at https://www.silverstripe.org/download/security-releases/ss-2015-028/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/17 5:50 p.m. • 9 views

SS-2016-002: CSRF vulnerability in GridFieldAddExistingAutocompleter

More info at https://www.silverstripe.org/download/security-releases/ss-2016-002/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/16 12:32 p.m. • 12 views

Cross-Site Scripting in link validator component

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-002/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/16 12:32 p.m. • 10 views

SQL Injection in dbal

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-016/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/16 12:32 p.m. • 13 views

Cross-Site Scripting in legacy form component

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-003/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/16 12:32 p.m. • 11 views

Cross-Site Scripting in form component

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-004/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 22 views

Email address can be matched to an account

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.0215
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 29 views

Reflected file download vulnerability

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 8.5 | AI score: 7.2 | EPSS: 0.02483
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 22 views

File upload access bypass and denial of service

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.0159
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 22 views

Brute force amplification attacks via XML-RPC

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01426
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 20 views

Email address can be matched to an account

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.0215
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 18 views

Saving user accounts can sometimes grant the user all roles

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.02221
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 21 views

Session data truncation can lead to unserialization of user provided data

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.0319
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 23 views

Open redirect via path manipulation

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 7.4 | AI score: 7.2 | EPSS: 0.0192
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 24 views

Form API ignores access restrictions on submit buttons

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.0136
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 22 views

Open redirect via double-encoded 'destination' parameter

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 7.4 | AI score: 7.2 | EPSS: 0.01352
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 19 views

Reflected file download vulnerability

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 8.5 | AI score: 7.2 | EPSS: 0.02483
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 20 views

HTTP header injection using line breaks

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.01179
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 20 views

Session data truncation can lead to unserialization of user provided data

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.0319
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 25 views

Form API ignores access restrictions on submit buttons

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.0136
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 30 views

Saving user accounts can sometimes grant the user all roles

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.02221
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 31 views

File upload access bypass and denial of service

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.0159
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 21 views

Brute force amplification attacks via XML-RPC

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01426
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 23 views

HTTP header injection using line breaks

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.01179
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 21 views

Open redirect via double-encoded 'destination' parameter

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 7.4 | AI score: 7.2 | EPSS: 0.01352
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/15 6:57 p.m. • 20 views

Open redirect via path manipulation

More info at https://www.drupal.org/SA-CORE-2016-001...

CVSS: 7.4 | AI score: 7.2 | EPSS: 0.0192
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/02/10 2:51 p.m. • 20 views

Composer Cache Injection vulnerability

More info at http://flyingmana.de/blogen/2016/02/14/composercacheinjectionvulnerabilitycve20158371.html...

CVSS: 6.8 | AI score: 0.6 | EPSS: 0.00697
Exploits: 1 | Affected software: 1

Friends Of PHP
• added 2016/02/10 2:51 p.m. • 23 views

Composer Cache Injection vulnerability

More info at http://flyingmana.de/blogen/2016/02/14/composercacheinjectionvulnerabilitycve20158371.html...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00697
Exploits: 1 | Affected software: 1

Friends Of PHP
• added 2016/01/14 9:48 a.m. • 22 views

CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

More info at https://symfony.com/cve-2016-1902...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01907
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/01/14 9:48 a.m. • 20 views

CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

More info at https://symfony.com/cve-2016-1902...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01907
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/01/14 9:48 a.m. • 26 views

CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

More info at https://symfony.com/cve-2016-1902...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01907
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2016/01/06 9:35 p.m. • 29 views

Local File Disclosure

SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to msgHTML is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to msgHTML without a $basedir will not import images with relative URLs, and relative...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.02143
Exploits: 6 | Affected software: 1

Friends Of PHP
• added 2015/12/15 11:38 a.m. • 12 views

Cross-Site Scripting in TYPO3 component Indexed Search

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2015/12/15 11:38 a.m. • 12 views

Cross-Site Scripting vulnerability in typolinks

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2015/12/15 11:38 a.m. • 13 views

Multiple Cross-Site Scripting vulnerabilities in frontend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2015/12/15 11:38 a.m. • 10 views

Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2015/12/15 11:38 a.m. • 9 views

TYPO3 is susceptible to Cross-Site Flashing

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2015/12/14 6:22 p.m. • 20 views

Remote Code Execution Vulnerability

More info at https://developer.joomla.org/security-centre/637-20151205-session-remote-code-execution-vulnerability.html...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.08875
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2015/12/07 12:7 a.m. • 31 views

Remote Code Execution (complement of CVE-2014-2383)

This release is superseded by version 0.7.0 This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new docume...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.39374
Exploits: 7 | Affected software: 1

Friends Of PHP
• added 2015/12/07 12:7 a.m. • 23 views

Denial Of Service Vector

This release is superseded by version 0.7.0 This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new docume...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.39374
Exploits: 7 | Affected software: 1

Friends Of PHP
• added 2015/12/07 12:7 a.m. • 21 views

Information Disclosure

This release is superseded by version 0.7.0 This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new docume...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.39374
Exploits: 7 | Affected software: 1

Friends Of PHP
• added 2015/11/23 9:3 p.m. • 11 views

XSS vulnerabilities in Neos

More info at https://www.neos.io/blog/neos-sa-2015-002.html...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2015/11/23 9:3 p.m. • 8 views

XSS vulnerabilities in Neos

More info at https://www.neos.io/blog/neos-sa-2015-002.html...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2015/11/23 2:30 p.m. • 8 views

Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word

More info at https://framework.zend.com/security/advisory/ZF2015-09...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2015/11/23 2:30 p.m. • 13 views

Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey

More info at https://framework.zend.com/security/advisory/ZF2015-10...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01356
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2015/11/23 2:30 p.m. • 10 views

Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word

More info at https://framework.zend.com/security/advisory/ZF2015-09...

AI score: 7.2
Exploits: 0 | Affected software: 1

Friends Of PHP
• added 2015/11/23 2:30 p.m. • 14 views

Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey

More info at https://framework.zend.com/security/advisory/ZF2015-10...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01356
Exploits: 0 | Affected software: 1

Total number of security vulnerabilities: 1702