Security
Headlines
HeadlinesLatestCVEs

Tag

#php

RHEA-2020:0283: Red Hat Enhancement Advisory: Red Hat OpenStack Platform 16.0 GA

Updated packages that fix several bugs and add various enhancements are now available for Red Hat OpenStack Platform 16.0 (Train) for RHEL 8.1.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2019-3866: An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information. * CVE-2019-19687: A disclosure vulnerability was found in openstack-keystone's credentials API. Users with a project role are able to list any credentials with the /v3/credentials API when enforce_scope is false. Information for time-based one time passwords (TOTP) may also be disclosed. Deploymen...

Red Hat Security Data
#sql#vulnerability#web#ios#mac#windows#google#linux#red_hat#apache#redis#memcached#js#git#java#kubernetes#php#perl#ldap#nginx#vmware#auth#ssh#ibm#ruby#postgres#docker#ssl
CVE-2020-7995

The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.

CVE-2020-7991: adive-php7/README.md at master · schspain/adive-php7

Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.

CVE-2020-7246

A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.

CVE-2020-7106: Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106) · Issue #3191 · Cacti/cacti

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).

CVE-2020-5509

PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.

CVE-2020-5308: Dairy Farm Shop Management System Project, Dairy Farm Shop Management System in Php

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php.

CVE-2020-5510: OffSec’s Exploit Database Archive

PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.

CVE-2020-5307: OffSec’s Exploit Database Archive

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.

CVE-2020-5306

Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.