47 matches found
openSUSE Security Update : php5 (openSUSE-2016-1150)
This update for php5 fixes the following security issues : - CVE-2016-7411: Memory corruption when destructing deserialized object - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNEDFLAG in BIT field - CVE-2016-7413: Use after free in wddxdeserialize - CVE-2016-7414: Out of boun...
Ubuntu: Security Advisory (USN-3095-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PHP WDDX Deserialization Use After Free (CVE-2016-7413)
A Use-After-Free vulnerability exists in PHP during deserialization of WDDX elements. A remote attacker can exploit this vulnerability by supplying a crafted wddxPacket XML document. A successful attack can result in a denial of service...
Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-267-01)
New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-267-01. The text itself is copyright...
CVE-2016-7413
CVE-2016-7413 is a Use-After-Free vulnerability in PHP’s WDDX deserialization path. The issue resides in wddx_stack_destroy in ext/wddx/wddx.c and can be triggered by a wddxPacket XML document that lacks an end-tag for a recordset field, leading to denial of service or potentially other impact. A...
CVE-2015-7413
Cross-site scripting XSS vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-7413
CVE-2014-7413 affects the Android app “The Rajendra Suriji” (package com.rajendrasuriji.nakodabhairav.com), version 1.1, where X.509 certificates from SSL servers are not verified. This allows MITM attackers to spoof servers and capture sensitive data with a crafted certificate. Documentation con...