10 matches found
CVE-2019-11049
CVE-2019-11049 affects PHP 7.3.x with versions below 7.3.13 and PHP 7.4.0 on Windows. The issue arises when supplying custom headers to mail() with the header in lowercase, which can cause double-free of memory locations. There are no exploitation details in the provided documents beyond this des...
CVE-2019-11045
In PHP, DirectoryIterator vulnerability CVE-2019-11045 affects PHP 7.2.x < 7.2.26, 7.3.x
CVE-2019-11050
CVE-2019-11050 concerns the PHP EXIF extension: when parsing EXIF data via exif_read_data(), PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0 allow data to read beyond the allocated buffer, leading to potential information disclosure or a crash. Connected advisories confirm the vuln...
CVE-2019-11046
Summary (CVE-2019-11046) : PHP versions affected are 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0. The vulnerability is in the bcmath extension where a string containing characters identified as numeric by the OS but not ASCII digits can cause reading beyond allocated space, potentially disc...
CVE-2019-11044
The CVE-2019-11044 issue affects PHP when running on Windows, where the link() function accepts filenames with embedded null bytes and treats them as terminating at that byte. Affected PHP versions are 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0 on Windows. The underlying cause is null-byte...
CVE-2017-11508
SecurityCenter 5.5.0–5.5.2 contain a SQL Injection vulnerability exploitable by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could insert a crafted SQL query into the password field of a diagnostic scan, potentially gaining unauthorized access to the Secur...
CVE-2018-1154
The CVE-2018-1154 issue affects SecurityCenter prior to version 5.7.0, where an unauthenticated attacker could enumerate username aliases by brute-forcing responses, potentially leading to unauthorized access. The issue’s root cause is a username enumeration mechanism; mitigation configured in th...
CVE-2013-5911
The CVE-2013-5911 entry describes a cross-site scripting (XSS) vulnerability in Tenable SecurityCenter’s devform.php, affecting versions 4.6 through 4.7. The underlying cause is improper validation of user-supplied input to the message parameter, allowing an attacker to inject arbitrary HTML/Java...
CVE-2018-1155
Tenable SecurityCenter (pre-5.7.0) is affected by an XSS vulnerability in the Reports feature: an authenticated attacker can inject JavaScript via the image filename parameter due to insufficient input validation. The issue is addressed in versions 5.7.0 and later through updated input validation...
CVE-2023-2005
This CVE affects Tenable.Io, Nessus, and Tenable Security Center prior to Plugin Feed ID #202306261202. The issue enables a user with scan-target permissions to place a binary in a specific filesystem location to escalate privileges via the impacted plugin. Remediation per PT-2023-17405 recommend...