
1697 matches found

Friends Of PHP
•added 2014/05/22 7:34 a.m.•11 views

The ExtJS JavaScript framework that is shipped with TYPO3 is susceptible to XSS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/05/20 10:21 a.m.•13 views

Risk of mass-assignment vulnerabilities

More info at https://laravel.com/docs/5.3/upgradeupgrade-4.1.29...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/05/20 10:21 a.m.•8 views

Risk of mass-assignment vulnerabilities

More info at https://laravel.com/docs/5.1/upgradeupgrade-4.1.29...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/04/29 11:30 a.m.•14 views

SecurityComponent cross form submission issue

More info at https://bakery.cakephp.org/2014/04/29/CakePHP-1-3-18-and-2-4-8-released.html...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/04/29 11:30 a.m.•10 views

SecurityComponent cross form submission issue

More info at https://bakery.cakephp.org/2014/04/29/CakePHP-1-3-18-and-2-4-8-released.html...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/04/26 8:4 p.m.•12 views

Authentication adapter did not verify validity of tokens

Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a release 0.1.2, tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication credentials...

4.1 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/04/26 8:4 p.m.•9 views

Authentication adapter did not verify validity of tokens

Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a release 0.1.2, tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication credentials...

7.4 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/04/15 12:19 p.m.•13 views

Hijacked authentication cookies vulnerability

More info at https://laravel.com/docs/5.3/upgradeupgrade-4.1.26...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/04/15 12:19 p.m.•12 views

Hijacked authentication cookies vulnerability

More info at https://laravel.com/docs/5.1/upgradeupgrade-4.1.26...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/04/07 10:30 a.m.•10 views

Insufficient input validation allows for code injection and remote execution

More info at https://contao.org/en/news/new-security-hole-found-in-contao.html...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/03/10 9:57 p.m.•61 views

PHP remote file inclusion vulnerability in dompdf.php

This release is superseded by version 0.7.0 This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new docume...

7.5 CVSS • 7.2 AI score • 0.39374 EPSS
Exploits: 7 • Affected Software: 1

Friends Of PHP
•added 2014/03/10 9:57 p.m.•19 views

Arbitrary file read in dompdf

More info at https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/...

6.8 CVSS • 7.2 AI score • 0.39374 EPSS
Exploits: 6 • Affected Software: 1

Friends Of PHP
•added 2014/03/10 9:57 p.m.•30 views

PHP remote file inclusion vulnerability in dompdf.php

This release is superseded by version 0.7.0 This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new docume...

8.8 CVSS • 7.6 AI score • 0.39374 EPSS
Exploits: 7 • Affected Software: 1

Friends Of PHP
•added 2014/02/26 10:13 p.m.•26 views

XEE issue that could expose local files or easily trigger a DOS attack.

XXE security issue. Issue 414...

7.5 CVSS • 6.2 AI score • 0.02228 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/02/26 4:2 p.m.•13 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/02/26 4:2 p.m.•11 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/02/26 4:2 p.m.•11 views

Potential XSS vector in multiple view helpers

More info at https://framework.zend.com/security/advisory/ZF2014-03...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/02/26 4:2 p.m.•10 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/02/26 4:2 p.m.•10 views

Potential XSS vector in multiple view helpers

More info at https://framework.zend.com/security/advisory/ZF2014-03...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/02/26 4:2 p.m.•8 views

Potential XSS vector in multiple view helpers

More info at https://framework.zend.com/security/advisory/ZF2014-03...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/02/26 4:2 p.m.•11 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/02/26 4:2 p.m.•15 views

Potential XSS vector in multiple view helpers

More info at https://framework.zend.com/security/advisory/ZF2014-03...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/02/17 3:37 p.m.•9 views

Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer

More info at https://framework.zend.com/security/advisory/ZF2014-02...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/02/17 3:37 p.m.•8 views

Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer

More info at https://framework.zend.com/security/advisory/ZF2014-02...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/02/13 11:12 a.m.•13 views

PHP object injection vulnerability allows for arbitrary code execution

More info at https://contao.org/en/news/major-security-hole-found-in-contao.html...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2014/01/22 12:35 p.m.•14 views

Fixed issue with broken validation of JSONP callbacks

More info at https://symfony.com/blog/fosrestbundle-security-issue-with-jsonp-handler...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/12/10 11:47 a.m.•20 views

Cross-Site Scripting in TYPO3 Flow

More info at https://www.neos.io/blog/flow-sa-2013-001.html...

4.3 CVSS • 7.2 AI score • 0.01187 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/12/10 11:47 a.m.•20 views

Cross-Site Scripting in TYPO3 Flow

More info at https://www.neos.io/blog/flow-sa-2013-001.html...

4.3 CVSS • 7.2 AI score • 0.01187 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/10/31 10:35 a.m.•8 views

Potential Remote Address Spoofing Vector in Zend\Http\PhpEnvironment\RemoteAddress

More info at https://framework.zend.com/security/advisory/ZF2013-04...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/10/10 8:30 a.m.•10 views

Possible DOS attack with long user-submitted passwords

More info at https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released...

5 CVSS • 7.2 AI score • 0.01868 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/10/10 8:30 a.m.•13 views

Possible DOS attack with long user-submitted passwords

More info at https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released...

5 CVSS • 7.2 AI score • 0.01868 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/08/17 9:14 a.m.•25 views

Request::getHost() poisoning

More info at https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released...

6.1 CVSS • 7.2 AI score • 0.02313 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/08/17 9:14 a.m.•33 views

Request::getHost() poisoning

More info at https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released...

6.1 CVSS • 7.2 AI score • 0.02313 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/08/17 7:55 a.m.•22 views

Validation metadata serialization and loss of information

More info at https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released...

8.1 CVSS • 7.2 AI score • 0.01445 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/08/17 7:55 a.m.•23 views

Validation metadata serialization and loss of information

More info at https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released...

8.1 CVSS • 7.2 AI score • 0.01445 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/08/12 1:41 a.m.•29 views

XML External Entity (XXE) issue

thanks to Kousuke Ebihara for the report and patch...

7.5 CVSS • 6.3 AI score • 0.02997 EPSS
Exploits: 1 • Affected Software: 1

Friends Of PHP
•added 2013/08/12 1:41 a.m.•30 views

XML External Entity (XXE) issue

disable external XML entities and libxml errors thanks to Kousuke Ebihara for the report and patch...

7.5 CVSS • 6 AI score • 0.02997 EPSS
Exploits: 1 • Affected Software: 1

Friends Of PHP
•added 2013/05/16 6:27 p.m.•11 views

Authentication Vulnerability - possible attempt to login via zero-valued password credential

Security advisory: zero-valued authentication credentials vulnerability DoctrineModule version 0.7.2 has been just released and includes a security fix for 248 via @5f79a9f7b and @78018ef568, Affected versions All versions below 0.7.2 are affected. dev-master and 0.8.x are not affected starting...

7.5 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/04/11 10:24 a.m.•21 views

Local file exposure on Windows installations

More info at https://groups.google.com/forum/?fromgroups=!topic/sabredav-discuss/ehOUu7wTSGQ...

5 CVSS • 6.4 AI score • 0.01779 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/04/11 10:24 a.m.•13 views

Local file exposure on Windows installations

More info at https://groups.google.com/forum/?fromgroups=!topic/sabredav-discuss/ehOUu7wTSGQ...

5 CVSS • 6.8 AI score • 0.01779 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/04/08 1:16 p.m.•8 views

Vulnerability in the filesystem loader

More info at http://blog.twig.sensiolabs.org/post/47461911874/security-release-twig-1-12-3-released...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/04/08 1:16 p.m.•17 views

Vulnerability in the filesystem loader

More info at http://blog.twig.sensiolabs.org/post/47461911874/security-release-twig-1-12-3-released...

0.4 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/03/13 3:5 p.m.•11 views

Potential Information Disclosure and Insufficient Entropy vulnerabilities in Zend\Math\Rand and Zend\Validate\Csrf Components

More info at https://framework.zend.com/security/advisory/ZF2013-02...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/03/13 3:4 p.m.•8 views

Potential SQL injection due to execution of platform-specific SQL containing interpolations

More info at https://framework.zend.com/security/advisory/ZF2013-03...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/03/13 8:39 a.m.•8 views

Route Parameter Injection Via Query String in Zend\Mvc

More info at https://framework.zend.com/security/advisory/ZF2013-01...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/01/15 9:21 p.m.•22 views

Ability to enable/disable object support in YAML parsing and dumping

More info at https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released...

7.5 CVSS • 6.7 AI score • 0.01619 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/01/15 9:21 p.m.•19 views

Ability to enable/disable object support in YAML parsing and dumping

More info at https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released...

7.5 CVSS • 6.7 AI score • 0.01619 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/01/15 9:16 p.m.•24 views

Ability to enable/disable PHP parsing in Yaml::parse()

More info at https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released...

7.5 CVSS • 6.8 AI score • 0.01619 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2013/01/15 9:16 p.m.•30 views

Ability to enable/disable PHP parsing in Yaml::parse()

More info at https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released...

7.5 CVSS • 6.8 AI score • 0.01619 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2012/12/19 9:59 a.m.•17 views

Code execution vulnerability via the "internal" routes

More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...

6.8 CVSS • 7.2 AI score • 0.01173 EPSS
Exploits: 0 • Affected Software: 1

Total number of security vulnerabilities: 1697