Friendsofphp - Page 25 of Friendsofphp Vulnerabilities List | Vulners.com

FriendsofphpRecent

Recent Most viewed

1697 matches found

Friends Of PHP•added 2015/07/01 9:10 a.m.•10 views

Access bypass when editing file metadata

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002/...

Exploits0Affected Software1

Friends Of PHP•added 2015/06/23 3:55 p.m.•15 views

Potential XSS and Open Redirect vectors in zend-diactoros

More info at https://framework.zend.com/security/advisory/ZF2015-05...

6.1CVSS7.2AI score0.00908EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/05/29 12:53 a.m.•8 views

SS-2015-013: X-Forwarded-Host request hostname injection

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-013/...

Exploits0Affected Software1

Friends Of PHP•added 2015/05/28 1:5 p.m.•10 views

SS-2015-014: Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-014/...

Exploits0Affected Software1

Friends Of PHP•added 2015/05/28 11:30 a.m.•8 views

Denial of Service attack through XML payloads

More info at https://bakery.cakephp.org/2015/05/28/cakephp266and306released.html...

Exploits0Affected Software1

Friends Of PHP•added 2015/05/26 11:55 p.m.•20 views

CVE-2015-4050: ESI unauthorized access

More info at https://symfony.com/cve-2015-4050...

4.3CVSS7.2AI score0.08269EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/05/26 11:55 p.m.•26 views

CVE-2015-4050: ESI unauthorized access

More info at https://symfony.com/cve-2015-4050...

4.3CVSS7.2AI score0.08269EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/05/25 2:52 p.m.•12 views

SS-2015-012: External redirection risk in Security?ReturnURL

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-012/...

Exploits0Affected Software1

Friends Of PHP•added 2015/05/25 10:52 a.m.•12 views

SS-2015-011: Potential SQL Injection Vulnerability

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-011/...

Exploits0Affected Software1

Friends Of PHP•added 2015/05/19 5:40 p.m.•23 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS

Exploits1Affected Software1

Friends Of PHP•added 2015/05/13 10:53 a.m.•36 views

Exploit in the private channel authentication

More info at https://blog.pusher.com/update-on-security/...

Exploits0Affected Software1

Friends Of PHP•added 2015/05/13 10:53 a.m.•8 views

Exploit in the private channel authentication

More info at https://blog.pusher.com/update-on-security/...

Exploits0Affected Software1

Friends Of PHP•added 2015/05/10 3:58 a.m.•15 views

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

4.3CVSS7.2AI score0.01521EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/05/10 3:43 a.m.•39 views

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

4.3CVSS7.2AI score0.01521EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/05/10 3:41 a.m.•28 views

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

4.3CVSS7.2AI score0.01521EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/05/10 3:38 a.m.•21 views

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

4.3CVSS7.2AI score0.01521EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/05/10 3:38 a.m.•18 views

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

4.3CVSS7.2AI score0.01521EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/05/07 11:30 a.m.•6 views

Incorrect CSRF validation

More info at https://bakery.cakephp.org/2015/05/07/cakephp304released.html...

Exploits0Affected Software1

Friends Of PHP•added 2015/05/07 8:16 a.m.•20 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS

Exploits1Affected Software1

Friends Of PHP•added 2015/05/07 8:16 a.m.•22 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS

Exploits1Affected Software1

Friends Of PHP•added 2015/05/07 8:16 a.m.•18 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS

Exploits1Affected Software1

Friends Of PHP•added 2015/04/29 12:43 a.m.•10 views

XXE Vulnerability

Security: XML filescan in XML-based Readers to prevent XML Entity Expansion XEE see http://projects.webappsec.org/w/page/13247002/XML%20Entity%20Expansion for an explanation of XEE injection attacks...

6.5AI score0.00471EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/04/13 12:10 p.m.•7 views

User authentication bypass

More info at https://thelia.net/version-2-1-3-with-security-fix...

Exploits0Affected Software1

Friends Of PHP•added 2015/04/01 6:55 p.m.•19 views

Unsafe methods in the Request class

More info at https://symfony.com/cve-2015-2309...

7.2AI score0.00785EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/04/01 6:55 p.m.•18 views

Esi Code Injection

More info at https://symfony.com/cve-2015-2308...

6.8CVSS7.2AI score0.01365EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/04/01 6:55 p.m.•21 views

Unsafe methods in the Request class

More info at https://symfony.com/cve-2015-2309...

7.2AI score0.00785EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/04/01 6:55 p.m.•21 views

Esi Code Injection

More info at https://symfony.com/cve-2015-2308...

6.8CVSS7.2AI score0.01365EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/04/01 6:8 p.m.•20 views

Critical vulnerabilities in JSON Web Token libraries

More info at https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/...

Exploits0Affected Software1

Friends Of PHP•added 2015/04/01 6:8 p.m.•12 views

Critical vulnerabilities in JSON Web Token libraries

More info at https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/28 6:24 p.m.•12 views

Privilege Escalation in TYPO3 Neos

More info at https://www.neos.io/blog/neos-sa-2015-001.html...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/28 6:24 p.m.•10 views

Privilege Escalation in TYPO3 Neos

More info at https://www.neos.io/blog/neos-sa-2015-001.html...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/20 7:29 p.m.•8 views

SS-2016-013: Member.Name is not escaped

More info at https://www.silverstripe.org/download/security-releases/ss-2016-013/...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/20 7:29 p.m.•12 views

SS-2016-012: Missing ACL on reports

More info at https://www.silverstripe.org/download/security-releases/ss-2016-012/...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/20 7:29 p.m.•11 views

SS-2016-014: Pre-existing alc_enc cookies log users in if remember me is disabled

More info at https://www.silverstripe.org/download/security-releases/ss-2016-014/...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/20 7:29 p.m.•11 views

SS-2016-008: Password encryption salt expiry

More info at https://www.silverstripe.org/download/security-releases/ss-2016-008/...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/20 7:29 p.m.•7 views

SS-2016-011: ChangePasswordForm does not check Member::canLogIn()

More info at https://www.silverstripe.org/download/security-releases/ss-2016-011/...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/20 7:29 p.m.•10 views

SS-2016-015: XSS In OptionsetField and CheckboxSetField

More info at https://www.silverstripe.org/download/security-releases/ss-2016-015/...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/20 3:7 p.m.•8 views

SS-2015-010: XSS in Director::force_redirect()

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/20 2:57 p.m.•11 views

SS-2015-009: XSS In rewritten hash links

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/20 12:10 p.m.•11 views

SS-2014-015: IE requests not properly behaving with rewritehashlinks

More info at https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/19 4:54 p.m.•11 views

SS-2015-008: SiteTree Creation Permission Vulnerability

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability/...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/12 1:58 p.m.•25 views

Invalid CSRF validation of null or incorrectly formatted token identifiers

More info at https://framework.zend.com/security/advisory/ZF2015-03...

8.8CVSS8.9AI score0.00656EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/03/12 1:58 p.m.•18 views

Invalid CSRF validation of null or incorrectly formatted token identifiers

More info at https://framework.zend.com/security/advisory/ZF2015-03...

8.8CVSS8.9AI score0.00656EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/03/10 7:41 a.m.•11 views

Critical vulnerabilities in JSON Web Token libraries

More info at https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/...

Exploits0Affected Software1

Friends Of PHP•added 2015/03/01 9:13 a.m.•145 views

PHP object injection attack vulnerability in Slim.

https://github.com/slimphp/Slim/blob/master/Slim/Middleware/SessionCookie.phpL127 Generally, it's a bad idea to blindly unserialize user-controllable input. https://www.owasp.org/index.php/PHPObjectInjection EDIT - for people who don't want to read the whole thread: The SessionCookie class is not...

7.5CVSS6.2AI score0.02515EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/03/01 9:13 a.m.•19 views

PHP object injection attack vulnerability in Slim.

https://github.com/slimphp/Slim/blob/master/Slim/Middleware/SessionCookie.phpL127 Generally, it's a bad idea to blindly unserialize user-controllable input. https://www.owasp.org/index.php/PHPObjectInjection EDIT - for people who don't want to read the whole thread: The SessionCookie class is not...

7.5CVSS6AI score0.02515EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/02/24 5:46 p.m.•9 views

XSS injection in backoffice

More info at https://thelia.net/version-2-1-2-with-security-fix...

Exploits0Affected Software1

Friends Of PHP•added 2015/02/24 5:46 p.m.•9 views

XSS injection in backoffice

More info at https://thelia.net/version-2-1-2-with-security-fix...

Exploits0Affected Software1

Friends Of PHP•added 2015/02/19 10:59 a.m.•30 views

Attackers able to impersonate users

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment For reference, this issue has been assigned ID CVE-2015-2964...

1.9AI score0.01385EPSS

Exploits0Affected Software1

Friends Of PHP•added 2015/02/19 10:59 a.m.•13 views

Attackers able to impersonate users

Merge branch 'disabling-none-by-default'...

Exploits0Affected Software1

Total number of security vulnerabilities1697