Lucene search
K
FriendsofphpRecent

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2020/08/25 3:50 a.m.•30 views

CVE-2020-15227: Potential Remote Code Execution vulnerability

More info at https://blog.nette.org/en/cve-2020-15227-potential-remote-code-execution-vulnerability...

9.8CVSS7.2AI score0.35228EPSS
Exploits3Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/08/25 3:50 a.m.•35 views

CVE-2020-15227: Potential Remote Code Execution vulnerability

More info at https://blog.nette.org/en/cve-2020-15227-potential-remote-code-execution-vulnerability...

9.8CVSS7.2AI score0.35228EPSS
Exploits3Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/08/07 9:28 a.m.•12 views

EZSA-2020-005 Editor XSS and trashed drafts in review queue

More info at https://ezplatform.com/security-advisories/ezsa-2020-005-editor-xss-and-trashed-drafts-in-review-queue...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/08/07 9:18 a.m.•14 views

EZSA-2020-005 Editor XSS and trashed drafts in review queue

More info at https://ezplatform.com/security-advisories/ezsa-2020-005-editor-xss-and-trashed-drafts-in-review-queue...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/28 8:18 a.m.•32 views

TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-008...

8.8CVSS7.2AI score0.02229EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/28 8:18 a.m.•23 views

TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-008...

8.8CVSS7.2AI score0.02229EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/28 8:18 a.m.•33 views

TYPO3-CORE-SA-2020-007: Potential Privilege Escalation

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-007...

8.1CVSS7.2AI score0.01782EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/28 8:18 a.m.•27 views

TYPO3-CORE-SA-2020-007: Potential Privilege Escalation

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-007...

8.1CVSS7.2AI score0.01782EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/25 11:16 a.m.•15 views

Vulnerability which allows remote image dimensions check to be used to SSRF

More info at https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636...

5CVSS5.8AI score0.00966EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/25 11:16 a.m.•22 views

Vulnerability which allows remote image dimensions check to be used to SSRF

More info at https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636...

5.8CVSS7.2AI score0.00966EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/16 7:31 a.m.•27 views

Sensitive Information Disclosure in extension "Media Content Element" (mediace)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2020-014...

7.5CVSS9AI score0.02721EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/16 7:31 a.m.•34 views

Sensitive Information Disclosure in extension "Media Content Element" (mediace)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2020-014...

9.8CVSS7.2AI score0.02721EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/14 1:26 p.m.•22 views

CVE-2020-9311: Malicious user profile information can cause login form XSS

More info at https://www.silverstripe.org/download/security-releases/cve-2020-9311/...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/10 5:54 p.m.•26 views

CVE-2020-6165: Limited queries break CanViewPermissionChecker

More info at https://www.silverstripe.org/download/security-releases/cve-2020-6165...

5.3CVSS7.2AI score0.01066EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/10 3:3 p.m.•28 views

CVE-2020-6164: Information disclosure on /interactive URL path

More info at https://www.silverstripe.org/download/security-releases/cve-2020-6164/...

7.5CVSS7.2AI score0.018EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/10 2:57 p.m.•22 views

CVE-2019-19326: Web Cache Poisoning through HTTPRequestBuilder

More info at https://www.silverstripe.org/download/security-releases/cve-2019-19326/...

5.9CVSS7.2AI score0.00758EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/06 2:8 p.m.•9 views

Potentially sensitive data exposure

Description Impact Inside Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::onPublish, messages are arbitrarily broadcasted to the related Topic if Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::dispatch does not succeed. The dispatch method can be considered to...

1.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/06 2:8 p.m.•11 views

Potentially sensitive data exposure

Impact Inside Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::onPublish, messages are arbitrarily broadcasted to the related Topic if Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::dispatch does not succeed. The dispatch method can be considered to not succeed...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/03 5:45 p.m.•28 views

SQL injection vulnerability in SearchController

More info at https://www.phpmyadmin.net/security/PMASA-2020-6/...

9.8CVSS7.2AI score0.67081EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/06/16 8:55 p.m.•13 views

Header leakage on cross-domain redirects

This version fixes a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matching t...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/20 4:45 p.m.•9 views

EZSA-2020-004 Object Injection in SiteAccessMatchListener

More info at https://ezplatform.com/security-advisories/ezsa-2020-004-object-injection-in-siteaccessmatchlistener...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/20 4:45 p.m.•13 views

EZSA-2020-004 Object Injection in SiteAccessMatchListener

More info at https://ezplatform.com/security-advisories/ezsa-2020-004-object-injection-in-siteaccessmatchlistener...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/20 1:37 p.m.•17 views

Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003

More info at https://www.drupal.org/sa-core-2020-003...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/20 1:37 p.m.•6 views

Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003

More info at https://www.drupal.org/sa-core-2020-003...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/17 12:26 p.m.•40 views

XSS relating to the transformation feature

More info at https://www.phpmyadmin.net/security/PMASA-2020-5/...

6.1CVSS7.2AI score0.0219EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•27 views

TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-001...

4.3CVSS7.2AI score0.01188EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•27 views

TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-001...

4.3CVSS7.2AI score0.01188EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•25 views

TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-006...

8.8CVSS7.2AI score0.00699EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•20 views

TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-006...

8.8CVSS7.2AI score0.00699EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•25 views

TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-005...

8.8CVSS7.2AI score0.0199EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•41 views

TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-005...

8.8CVSS7.2AI score0.0199EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•32 views

TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-004...

10CVSS7.2AI score0.01472EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•36 views

TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-004...

10CVSS7.2AI score0.01472EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•33 views

TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-003...

5.4CVSS7.2AI score0.0054EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•26 views

TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-003...

5.4CVSS7.2AI score0.0054EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•40 views

TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-002...

5.4CVSS7.2AI score0.0054EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•25 views

TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-002...

5.4CVSS7.2AI score0.0054EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/04 2:50 p.m.•10 views

Insecure default secret key and IV allowing anyone to decrypt values

This issue has been deleted...

7.1AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/04 2:50 p.m.•18 views

Insecure default secret key and IV allowing anyone to decrypt values

This issue has been deleted...

2.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/04/28 6:8 p.m.•9 views

SSTI Vulnerability

More info at https://twitter.com/nystudio107/status/1268736336200171520?lang=en...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/04/28 6:8 p.m.•12 views

SSTI Vulnerability

More info at https://twitter.com/nystudio107/status/1268736336200171520?lang=en...

0.3AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/04/21 12:12 p.m.•12 views

EZSA-2020-003 XSS in DemoBundle/ezdemo bundled VideoJS

More info at https://ezplatform.com/security-advisories/ezsa-2020-003-xss-in-demobundle-ezdemo-bundled-videojs...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/04/21 12:7 p.m.•10 views

EZSA-2020-003 XSS in DemoBundle/ezdemo bundled VideoJS

More info at https://ezplatform.com/security-advisories/ezsa-2020-003-xss-in-demobundle-ezdemo-bundled-videojs...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/30 2:0 p.m.•22 views

CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header

More info at https://symfony.com/cve-2020-5255...

4.3CVSS7.2AI score0.01297EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/30 2:0 p.m.•40 views

CVE-2020-5274: Fix Exception message escaping rendered by ErrorHandler

More info at https://symfony.com/cve-2020-5274...

5.5CVSS7.2AI score0.01197EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/30 2:0 p.m.•27 views

CVE-2020-5275: All rules set in "access_control" are required when the firewall is configured with the unanimous strategy

More info at https://symfony.com/cve-2020-5275...

8.1CVSS7.2AI score0.01148EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/30 2:0 p.m.•32 views

CVE-2020-5274: Fix Exception message escaping rendered by ErrorHandler

More info at https://symfony.com/cve-2020-5274...

5.5CVSS7.2AI score0.01197EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/30 2:0 p.m.•30 views

CVE-2020-5275: All rules set in "access_control" are required when the firewall is configured with the unanimous strategy

More info at https://symfony.com/cve-2020-5275...

8.1CVSS7.2AI score0.01148EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/30 2:0 p.m.•20 views

CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header

More info at https://symfony.com/cve-2020-5255...

4.3CVSS7.2AI score0.01297EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/30 2:0 p.m.•26 views

CVE-2020-5275: All rules set in "access_control" are required when the firewall is configured with the unanimous strategy

More info at https://symfony.com/cve-2020-5275...

8.1CVSS7.2AI score0.01148EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702