National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 25,885 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2019-6728

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7353.

Published: March 21, 2019; 12:01:09 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-6727

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA remerge method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7347.

Published: March 21, 2019; 12:01:09 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-6116

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

Published: March 21, 2019; 12:01:07 PM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-3495

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.

Published: March 21, 2019; 12:01:04 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2018-20648

PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-20647

PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20646

PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20645

PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-20644

PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-20643

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20642

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20641

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-20640

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-20639

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-20638

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20637

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20636

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-20635

PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20634

PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20633

PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM