National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 25,985 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2019-7437

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field.

Published: March 21, 2019; 12:01:13 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-7436

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory.

Published: March 21, 2019; 12:01:13 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2019-7435

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form.

Published: March 21, 2019; 12:01:13 PM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2019-7434

PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory.

Published: March 21, 2019; 12:01:13 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2019-7433

PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.

Published: March 21, 2019; 12:01:13 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-7432

PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section.

Published: March 21, 2019; 12:01:13 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2019-7431

PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory.

Published: March 21, 2019; 12:01:13 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2019-7430

PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar.

Published: March 21, 2019; 12:01:13 PM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2019-7429

PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory.

Published: March 21, 2019; 12:01:13 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2019-7391

ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.

Published: March 21, 2019; 12:01:12 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-7383

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to shell command injection via the des parameter.

Published: March 21, 2019; 12:01:11 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2019-7299

A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php.

Published: March 21, 2019; 12:01:11 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-7223

InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255.

Published: March 21, 2019; 12:01:11 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2019-6735

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7355.

Published: March 21, 2019; 12:01:10 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-6734

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7452.

Published: March 21, 2019; 12:01:10 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-6733

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7576.

Published: March 21, 2019; 12:01:10 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-6732

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFParseDateEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7453.

Published: March 21, 2019; 12:01:09 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-6731

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7369.

Published: March 21, 2019; 12:01:09 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-6730

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the popUpMenu method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7368.

Published: March 21, 2019; 12:01:09 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-6729

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7423.

Published: March 21, 2019; 12:01:09 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM