National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,048 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2011-4625

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

Published: November 06, 2019; 10:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-18674

An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.

Published: November 05, 2019; 09:15:11 PM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-8154

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies a product design update.

Published: November 05, 2019; 07:15:12 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-8140

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform an uploaded JPEG file into a PHP file.

Published: November 05, 2019; 07:15:11 PM -05:00
V3.1: 4.9 MEDIUM
    V2: 4.0 MEDIUM
CVE-2011-1135

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.

Published: November 05, 2019; 04:15:10 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2011-1133

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.

Published: November 05, 2019; 04:15:10 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2013-6275

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.

Published: November 05, 2019; 02:15:10 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2013-4110

Cryptocat has an Unspecified Chat Participant User List Disclosure

Published: November 05, 2019; 08:15:10 AM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2013-4107

Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting

Published: November 05, 2019; 08:15:10 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-8980

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

Published: November 04, 2019; 04:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-4105

Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure

Published: November 04, 2019; 12:15:11 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2013-2260

Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness

Published: November 04, 2019; 12:15:10 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 5.0 MEDIUM
CVE-2013-2259

Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview

Published: November 04, 2019; 12:15:10 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-2258

Cryptocat before 2.0.22 has Nickname User Impersonation

Published: November 04, 2019; 12:15:10 PM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2013-2257

Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness

Published: November 04, 2019; 12:15:10 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2013-4104

Cryptocat before 2.0.22 has weak encryption in the Socialist Millionaire Protocol

Published: November 04, 2019; 11:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2013-2262

Cryptocat strophe.js before 2.0.22 has information disclosure

Published: November 04, 2019; 11:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2013-2261

Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure

Published: November 04, 2019; 11:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2013-4103

Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input

Published: November 04, 2019; 10:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-4102

Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness

Published: November 04, 2019; 10:15:10 AM -05:00
V3.1: 9.1 CRITICAL
    V2: 6.4 MEDIUM