National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,141 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2019-11807

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks.

Published: May 06, 2019; 02:29:00 PM -04:00
V3: 7.5 HIGH
V2: 6.4 MEDIUM
CVE-2019-5434

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0.

Published: May 06, 2019; 01:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-5433

A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.

Published: May 06, 2019; 01:29:00 PM -04:00
V3: 5.4 MEDIUM
V2: 5.8 MEDIUM
CVE-2019-11767

Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.

Published: May 05, 2019; 02:29:00 AM -04:00
V3: 5.8 MEDIUM
V2: 5.0 MEDIUM
CVE-2019-11037

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

Published: May 03, 2019; 04:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-11036

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

Published: May 03, 2019; 04:29:00 PM -04:00
V3: 9.1 CRITICAL
V2: 6.4 MEDIUM
CVE-2019-9826

The fulltext search component in phpBB before 3.2.6 allows Denial of Service.

Published: May 02, 2019; 05:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-16988

An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.

Published: May 02, 2019; 04:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 5.0 MEDIUM
CVE-2018-16961

An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories.

Published: May 02, 2019; 04:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-16960

An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter.

Published: May 02, 2019; 04:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-3490

A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support.

Published: May 02, 2019; 01:29:02 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-18374

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes.

Published: May 02, 2019; 01:29:01 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2017-18373

The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.

Published: May 02, 2019; 01:29:01 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2017-18372

The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373.

Published: May 02, 2019; 01:29:01 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2017-18371

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.

Published: May 02, 2019; 01:29:01 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-18370

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.

Published: May 02, 2019; 01:29:00 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2017-18369

The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter.

Published: May 02, 2019; 01:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2017-18368

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.

Published: May 02, 2019; 01:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2019-11626

routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request.

Published: April 30, 2019; 04:29:02 PM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2019-11625

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user (or a user with permission to manage emailing) could exploit the vulnerability to obtain database sensitive information.

Published: April 30, 2019; 04:29:02 PM -04:00
V3: 4.9 MEDIUM
V2: 4.0 MEDIUM