18 matches found
EUVD-2022-38168
Malicious code in bioql PyPI...
Internet Bug Bounty: Use after free with assign by ref to overloaded objects
Reported: 2015-07-15 16:30 UTC Fixed: 2015-07-21 14:20 UTC Bug Report: https://bugs.php.net/bug.php?id=70083 Fixed in PHP 5.6: http://git.php.net/?p=php-src.git;a=commitdiff;h=f57cb13c566613eec0e1c2f6d96d18565436a9b7 Fixed in 7:...
PHP 5.4.x < 5.4.36, 5.5.x < 5.5.20, 5.6.x < 5.6.4 Use After Free Vulnerability (Jan 2015)
PHP is prone to an use after free vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...
PHP Out of Bounds Read Vulnerability (Jan 2015)
PHP is prone to an out of bounds read vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...
PHP 5.5.x < 5.5.20 'process_nested_data' RCE
According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.20. It is, therefore, affected by a use-after-free error in the 'processnesteddata' function within 'ext/standard/varunserializer.re' due to improper handling of duplicate keys within the serialized...
CVE-2012-0882
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosur...
PT-2012-2926 · Oracle · Mysql Server +1
Name of the Vulnerable Software and Affected Versions: MySQL versions 5.5.20 through 5.5.21 MySQL versions 5.1.x through 5.1.61 Description: A buffer overflow issue in yaSSL, used by MySQL, allows remote attackers to execute arbitrary code. The issue is related to unspecified vectors. There is no...
Artiphp CMS 5.5.0 database backup disclosure Exploit-vulnerability warning-the black bar safety net
? php / Artiphp CMS 5.5.0 Database Backup Disclosure Exploit Author: Artiphp www.2cto.com http://www.artiphp.com Affected version: 5.5.0 Neo r422 Summary: Artiphp is a content management system CMS open and free to create and manage your website. Description: Artiphp stores database backups using...
Artiphp CMS 5.5.0 Cross Site Scripting
Artiphp CMS v5.5.0 Multiple XSS POST Injection Vulnerabilities Vendor: Artiphp Product web page: http://www.artiphp.com Affected version: 5.5.0 Neo r422 Summary: Artiphp is a content management system CMS open and free to create and manage your website. Desc: Artiphp CMS suffers from multiple...
phpThumb() v1.7.11 (dir & title) Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications phpThumb v1.7.11 dir & title Cross-Site Scripting Vulnerability Vendor: SiliSoftware Product web page: http://www.silisoftware.com Affected version: 1.7.11-201108081537 Summary: phpThumb uses the GD library to create thumbnails from images JPE...
Anchor CMS 0.6 Cross Site Scripting
Exploit for php platform in category web applications Anchor CMS v0.6 Multiple Persistent XSS Vulnerabilities function xss0document.forms"xss0".submit; function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; function xss3document.forms"xss3".submit; function...
MySQL 'yaSSL' RCE Vulnerability
MySQL is prone to an unspecified remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
MySQL 5.5.20不明细节远程代码执行漏洞
BUGTRAQ ID: 52154 MySQL是一个小型关系型数据库管理系统,开发者为瑞典MySQLAB公司,在2008年1月16号被Sun公司收购。 MySQL在实现上存在远程代码执行漏洞,攻击者可利用此漏洞执行任意代码。 0 Oracle MySQL 5.5.20 厂商补丁: Oracle ------ 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.oracle.com/technetwork/topics/security/...
Fedora 15 : mysql-5.5.20-1.fc15 (2012-0987)
Update to MySQL 5.5.20, for various fixes described at http://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html as well as security fixes described at http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.ht ml Note that Tenable Network Security has extracted the preceding descriptio...
Fedora 16 : mysql-5.5.20-1.fc16 (2012-0972)
Update to MySQL 5.5.20, for various fixes described at http://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html as well as security fixes described at http://www.oracle.com/technetwork/topics/security/cpujan 2012-366304.html - Re-include the mysqld logrotate script, now that it's not so bogus Note...
PT-2009-1236 · Apache · Apache Tomcat
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.32 through 4.1.34 Apache Tomcat versions 5.5.10 through 5.5.20 Description: The issue is related to the doRead method, which fails to return a -1 when a certain error condition occurs. This can cause Tomcat to send...
Debian Security Advisory DSA 1593-1 (tomcat5.5)
The remote host is missing an update to tomcat5.5 announced via advisory DSA 1593-1. OpenVAS Vulnerability Test $Id: deb15931.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1593-1 tomcat5.5 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Apache Tomcat JK Web Server Connector超长URL栈溢出漏洞
Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Tomcat JK Web Server Connector的modjk.so库在处理超长畸形的URL时存在漏洞,远程攻击者可能利用此漏洞控制服务器。 Apache Tomcat JK Web Server Connector的modjk.so库URI处理器mapuritoworker是在native/common/jkuriworkermap.c文件中定义的。当该库在解析超过4095字节的超长URL请求时URI...