EUVD-2015-4754

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2015-4905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML...

Linux Distros Unpatched Vulnerability : CVE-2015-0499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknow...

jsii-rosetta (>=5.6.0 <=5.6.21-dev.13), jsii-srcmak (>=0.1.1300 <=0.1.1305) potentially affected by unknown CVE via jsii (=5.6.23)

jsii NPM version =5.6.23 is affected by a known vulnerability. The following packages have a transitive dependency on jsii and may be impacted: - jsii-rosetta =5.6.0, =0.1.1300, =0.1.1305 Source cves: unknown CVE Source advisory: OSV:GHSA-M56H-5XX3-2JC2...

WordPress Email Subscribers & Newsletters Plugin <= 5.6.23 is vulnerable to Path Traversal

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.6.23 Fixed in 5.6.24 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2023-5414 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID a55da7ad2e82 Credits Marco Wotschka Required privile...

Linear eMerge E3 Access Controller Command Injection

Nortek Linear eMerge E3 Unauthenticated Remote Root Code Execution Metasploit by Gjoko 'LiquidWorm' Krstic Affected version: 'Linear eMerge E3 Access Controller Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Linear eMerge E3 Access Controller...

CVE-2016-5766

Integer overflow in the gd2GetHeader function in gdgd2.c in the GD Graphics Library aka libgd before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly ha...

PHP 7.0.8 / 5.6.23 / 5.5.37 - bzread() Out-of-Bounds Write

Exploit for php platform in category dos / poc ''' PHP 7.0.8, 5.6.23 and 5.5.37 does not perform adequate error handling in its bzread' function: php-7.0.8/ext/bz2/bz2.c ,---- | 364 static PHPFUNCTIONbzread | 365 | ... | 382 ZSTRLENdata = phpstreamreadstream, ZSTRVALdata, ZSTRLENdata; | 383...

Fedora 22 : php (2016-99fbdc5c34)

23 Jun 2016, PHP 5.6.23 Core: - Fixed bug php72275 Integer Overflow in jsonencode/jsondecode/jsonutf8toutf16. Stas - Fixed bug php72400 Integer Overflow in addcslashes/addslashes. Stas - Fixed bug php72403 Integer Overflow in Length of String-typed ZVAL. Stas GD: - Fixed bug php72298 pass2nodithe...

Fedora 23 : php (2016-34a6b65583)

23 Jun 2016, PHP 5.6.23 Core: - Fixed bug php72275 Integer Overflow in jsonencode/jsondecode/jsonutf8toutf16. Stas - Fixed bug php72400 Integer Overflow in addcslashes/addslashes. Stas - Fixed bug php72403 Integer Overflow in Length of String-typed ZVAL. Stas GD: - Fixed bug php72298 pass2nodithe...

Debian DSA-3618-1 : php5 - security update

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.23, which includes additional bug fixes. Please refer to the upstream changelog for mor...

Debian: Security Advisory (DSA-3618-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 24 Update: php-5.6.23-1.fc24

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVE-2016-5769

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted length value,...

Internet Bug Bounty: NULL Pointer Dereference at _gdScaleVert

Upstream bug reports https://bugs.php.net/bug.php?id=72407 Reported to PHP 2016-06-15 Patch: http://git.php.net/?p=php-src.git;a=commit;h=b9ec171e7d25879d97473ca50197c4207420c276 Fixed for PHP 5.5.37 security only mode http://php.net/ChangeLog-5.php5.5.37 Fixed for PHP 5.6.23...

Internet Bug Bounty: CVE-2015-8874 Stack overflow with imagefilltoborder

Reported in 2014 https://bugs.php.net/bug.php?id=66387 A variation was rediscovered this year and reported to PHP and LIBGD: https://bugs.php.net/bug.php?id=72350 https://github.com/libgd/libgd/issues/215 Patches for both issues:...

CVE-2016-5768

Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application crash by leveraging a callback...

Oracle MySQL Multiple Unspecified Vulnerabilities-24 (Jun 2016) - Linux

Oracle MySQL is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015)

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling...

mysql: unspecified vulnerability related to Server:Federated (CPU April 2015)

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated...