1697 matches found

Friends Of PHP
•added 2015/11/23 11:45 a.m.•15 views

CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature

More info at https://symfony.com/cve-2015-8124...

CVSS 6.8 | AI score 7.2 | EPSS 0.02712
Exploits: 1 | Affected Software: 1
Friends Of PHP
•added 2015/11/23 11:45 a.m.•24 views

CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service

More info at https://symfony.com/cve-2015-8125...

CVSS 7.5 | AI score 7.2 | EPSS 0.02545
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/11/23 11:45 a.m.•14 views

CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service

More info at https://symfony.com/cve-2015-8125...

CVSS 7.5 | AI score 7.2 | EPSS 0.02545
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/11/23 9:24 a.m.•10 views

Arbitrary file upload and XML External Entity processing

More info at https://www.neos.io/blog/flow-sa-2015-001.html...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/11/23 9:24 a.m.•11 views

Arbitrary file upload and XML External Entity processing

More info at https://www.neos.io/blog/flow-sa-2015-001.html...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/11/13 10:30 a.m.•9 views

SS-2015-027: HtmlEditor embed url sanitisation

More info at https://www.silverstripe.org/download/security-releases/ss-2015-027/...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/11/11 2:31 p.m.•8 views

SS-2015-026: Form field validation message XSS vulnerability

More info at https://www.silverstripe.org/download/security-releases/ss-2015-026/...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/11/05 10:8 p.m.•8 views

Remote File Inclusion through View template name manipulation

More info at https://bakery.cakephp.org/2015/11/05/cakephp30153142612276released.html...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/11/01 10:15 a.m.•52 views

Multiple CRLF injection vulnerabilities

This release contains an important security update. Security update Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack...

CVSS 5 | AI score 9.3 | EPSS 0.01988
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/11/01 10:15 a.m.•24 views

Multiple CRLF injection vulnerabilities

This release contains an important security update. Security update Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack...

CVSS 5 | AI score 9.4 | EPSS 0.01988
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/10/27 12:30 p.m.•14 views

XSS attack vector in Security Library method xss_clean()

More info at https://www.codeigniter.com/userguide/changelog.htmlversion-3-0-3...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/10/27 12:30 p.m.•16 views

XSS attack vector in Security Library method xss_clean()

More info at https://www.codeigniter.com/userguide/changelog.htmlversion-3-0-3...

AI score 0.8
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/09/15 6:52 p.m.•15 views

Filesystem Permissions Issues in Multiple Components

More info at https://framework.zend.com/security/advisory/ZF2015-07...

CVSS 7.2 | AI score 7.6 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/09/15 6:52 p.m.•19 views

Filesystem Permissions Issues in Multiple Components

More info at https://framework.zend.com/security/advisory/ZF2015-07...

CVSS 7.8 | AI score 7.2 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/09/15 5:15 p.m.•9 views

Filesystem Permissions Issues in Multiple Components

More info at https://framework.zend.com/security/advisory/ZF2015-07...

CVSS 7.8 | AI score 7.2 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/09/15 4:9 p.m.•9 views

Filesystem Permissions Issues in Multiple Components

More info at https://framework.zend.com/security/advisory/ZF2015-07...

CVSS 7.8 | AI score 7.2 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/09/15 3:50 p.m.•11 views

Potential SQL injection vector using null byte for PDO (MsSql, SQLite)

More info at https://framework.zend.com/security/advisory/ZF2015-08...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/09/15 3:50 p.m.•16 views

Filesystem Permissions Issues in Multiple Components

More info at https://framework.zend.com/security/advisory/ZF2015-07...

CVSS 7.8 | AI score 7.2 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/09/14 10:44 a.m.•9 views

SS-2015-016: XSS in install.php

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-016/...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/09/14 10:38 a.m.•12 views

SS-2015-017: Forum Module CSRF Vulnerability

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-017/...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/09/14 9:17 a.m.•8 views

SS-2015-015: XSS in dev/build returnURL Parameter

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-015/...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/09/08 10:59 a.m.•30 views

Backend: Non-Persistent Cross-Site Scripting

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/...

CVSS 3.5 | AI score 7.2 | EPSS 0.02006
Exploits: 3 | Affected Software: 1
Friends Of PHP
•added 2015/09/08 10:57 a.m.•13 views

Frontend: Unauthenticated Path Disclosure

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/08/31 2:47 p.m.•16 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

CVSS 7.8 | AI score 7.2 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/08/31 2:34 p.m.•16 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

CVSS 7.8 | AI score 7.2 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/08/31 2:32 p.m.•9 views

SS-2015-018: File upload exposure on UserForms module

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-018/...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/08/31 1:34 p.m.•19 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

CVSS 7.8 | AI score 7.2 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/08/31 1:2 p.m.•18 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

CVSS 7.8 | AI score 7.2 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/08/31 12:59 p.m.•16 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

CVSS 7.8 | AI score 7.2 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/08/31 12:37 p.m.•20 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

CVSS 7.8 | AI score 7.2 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/08/31 12:36 p.m.•21 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

CVSS 7.8 | AI score 7.2 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/08/12 3:53 p.m.•25 views

Remote code execution in templates

More info at https://symfony.com/blog/security-release-twig-1-20-0...

CVSS 6.8 | AI score 7.2 | EPSS 0.03398
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/08/06 10:8 p.m.•16 views

Direct access of prefixed controller actions

More info at https://bakery.cakephp.org/2015/08/06/cakephp2592610272released.html...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/08/03 3:13 p.m.•27 views

XXE/XEE vector when using ZendXml on multibyte payloads

More info at https://framework.zend.com/security/advisory/ZF2015-06...

CVSS 6.8 | AI score 9.7 | EPSS 0.09911
Exploits: 7 | Affected Software: 1
Friends Of PHP
•added 2015/08/03 3:13 p.m.•36 views

XXE/XEE vector when using ZendXml on multibyte payloads

More info at https://framework.zend.com/security/advisory/ZF2015-06...

CVSS 6.8 | AI score 9.7 | EPSS 0.09911
Exploits: 7 | Affected Software: 1
Friends Of PHP
•added 2015/08/03 3:13 p.m.•30 views

XXE/XEE vector when using ZendXml on multibyte payloads

More info at https://framework.zend.com/security/advisory/ZF2015-06...

CVSS 6.8 | AI score 9.7 | EPSS 0.09911
Exploits: 7 | Affected Software: 1
Friends Of PHP
•added 2015/08/03 12:55 p.m.•11 views

State guessing vulnerability

By doing this we're protecting against people trying to guess the state...

AI score 7
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/07/26 7:42 p.m.•11 views

Critical SQL injection bug in the ODBC database driver

More info at https://forum.codeigniter.com/thread-65803.html...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/07/24 12:41 a.m.•34 views

Security Misconfiguration Vulnerability in the AWS SDK for PHP

SECURITY FIX: This release addresses a security issue associated with CVE-2015-5723, specifically, fixes improper default directory umask behavior that could potentially allow unauthorized modifications of PHP code. Thanks to @ryan-lane for the initial report. Aws\Ec2 - Added support for...

CVSS 7.2 | AI score 7.6 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/07/24 12:41 a.m.•23 views

Security Misconfiguration Vulnerability in the AWS SDK for PHP

SECURITY FIX: This release addresses a security issue associated with CVE-2015-5723, specifically, fixes improper default directory umask behavior that could potentially allow unauthorized modifications of PHP code. Thanks to @ryan-lane for the initial report. - Aws\Ec2 - Added support for...

CVSS 7.8 | AI score 7.7 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/07/23 1:53 p.m.•12 views

Insecure state generation

More info at https://github.com/laravel/socialite/pull/91...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/07/10 6:12 p.m.•24 views

class yii\web\ViewAction allowed to include arbitrary files that end with .php

More info at https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/...

CVSS 9.8 | AI score 7.2 | EPSS 0.0074
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/07/10 6:12 p.m.•20 views

class yii\web\ViewAction allowed to include arbitrary files that end with .php

More info at https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/...

CVSS 9.8 | AI score 7.2 | EPSS 0.0074
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/07/08 1:51 p.m.•9 views

Forced Redirect to External Website

More info at https://www.orocrm.com/blog/news/orocrm-security-announcement...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/07/08 1:47 p.m.•15 views

Forced Redirect to External Website

More info at https://www.orocrm.com/blog/news/orocrm-security-announcement...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/07/01 2:20 p.m.•26 views

Cross-Site Scripting in 3rd party library Flowplayer

More info at https://typo3.org/security/advisory/typo3-core-sa-2015-007...

CVSS 4.3 | AI score 7.2 | EPSS 0.02405
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/07/01 2:16 p.m.•9 views

Information Disclosure possibility exploitable by Editors

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005/...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/07/01 2:16 p.m.•11 views

Cross-Site Scripting exploitable by Editors

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004/...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/07/01 2:16 p.m.•7 views

Frontend login Session Fixation

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-003/...

AI score 7.2
Exploits: 0 | Affected Software: 1
Friends Of PHP
•added 2015/07/01 2:16 p.m.•11 views

Brute Force Protection Bypass in backend login

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006/...

AI score 7.2
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 1697