National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 25,994 matching records.
Displaying matches 241 through 260.
Vuln ID Summary CVSS Severity
CVE-2019-7299

A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php.

Published: March 21, 2019; 12:01:11 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-7223

InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255.

Published: March 21, 2019; 12:01:11 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2019-6735

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7355.

Published: March 21, 2019; 12:01:10 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-6734

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7452.

Published: March 21, 2019; 12:01:10 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-6733

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7576.

Published: March 21, 2019; 12:01:10 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-6732

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFParseDateEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7453.

Published: March 21, 2019; 12:01:09 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-6731

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7369.

Published: March 21, 2019; 12:01:09 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-6730

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the popUpMenu method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7368.

Published: March 21, 2019; 12:01:09 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-6729

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7423.

Published: March 21, 2019; 12:01:09 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-6728

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7353.

Published: March 21, 2019; 12:01:09 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-6727

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA remerge method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7347.

Published: March 21, 2019; 12:01:09 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-6116

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

Published: March 21, 2019; 12:01:07 PM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-3495

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.

Published: March 21, 2019; 12:01:04 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2018-20648

PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-20647

PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20646

PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20645

PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-20644

PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-20643

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20642

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field.

Published: March 21, 2019; 12:00:37 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM