Security Headlines

Tag: #php
CVE-2023-24780: Database management plug-in table.php columns-sql injection vulnerability · Issue #6 · funadmin/funadmin

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.

CVE-2023-26823: exshopbug/README.md at main · jingping911/exshopbug

An arbitrary file upload vulnerability in the /admin/template.php component of shopEx EcShop v4.1.5 allows attackers to execute arbitrary code via a crafted PHP file.

GHSA-wm8x-php5-hvq6: Maligned causes incorrect deallocation

`maligned::align_first` manually allocates with an alignment larger than T, and then uses `Vec::from_raw_parts` on that allocation to get a `Vec<T>`. [`GlobalAlloc::dealloc`](https://doc.rust-lang.org/std/alloc/trait.GlobalAlloc.html#tymethod.dealloc) requires that the `layout` argument must be the same layout that was used to allocate that block of memory. When deallocating, `Box` and `Vec` may not respect the specified alignment and can cause undefined behavior.

Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication

Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities.

ZwiiCMS 12.2.04 Remote Code Execution

ZwiiCMS version 12.2.04 suffers from an authenticated remote code execution vulnerability.

CVE-2023-27478: Disclosure of unrelated data

libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to work around this bug or lower the probability of it affecting a given deployment: (1) use a reasonably high `POLL_TIMEOUT` setting, like the default; (2) use separate libmemcached connections for unrelated data; (3) do not re-use libmemcached connections in an unknown state.

CVE-2023-24775: member.memberLevel#selectFields[value] has sql injection vulnerability · Issue #9 · funadmin/funadmin

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php.

Chinese Sharp Panda Group Unleashes SoulSearcher Malware

By Waqas (HackRead.com). Currently, in its cyber espionage campaign, Sharp Panda hackers are targeting government entities in Asia.

CVE-2023-1253

A vulnerability, which was classified as critical, was found in SourceCodester Health Center Patient Record Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222483.