19 matches found
php: libxml streams use wrong content-type header when requesting a redirected resource
A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...
php: libxml streams use wrong content-type header when requesting a redirected resource
A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...
BIT-PHP-MIN-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
BIT-PHP-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
CVE-2025-1219
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
AZL-59300 CVE-2025-1219 affecting package php for versions less than 8.1.32-1
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
AZL-59316 CVE-2025-1219 affecting package php for versions less than 8.3.19-1
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
DEBIAN-CVE-2025-1219
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
CVE-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
SUSE CVE-2025-1219
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
ZendFramework potential XML eXternal Entity injection vectors
ZendFeedRss and ZendFeedAtom were found to contain potential XML eXternal Entity XXE vectors due to insecure usage of PHP's DOM extension. External entities could be specified by adding a specific DOCTYPE element to feeds; exploiting this vulnerability could coerce opening arbitrary files and/or...
GHSA-4J9X-G4X8-VCMF ZendFramework potential XML eXternal Entity injection vectors
ZendFeedRss and ZendFeedAtom were found to contain potential XML eXternal Entity XXE vectors due to insecure usage of PHP's DOM extension. External entities could be specified by adding a specific DOCTYPE element to feeds; exploiting this vulnerability could coerce opening arbitrary files and/or...
Debian: Security Advisory (DLA-251-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
php: missing null byte checks for paths in DOM and GD extensions
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
php: missing null byte checks for paths in DOM and GD extensions
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
php: missing null byte checks for paths in DOM and GD extensions
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
php: missing null byte checks for paths in DOM and GD extensions
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
[SECURITY] [DSA 3265-2] zendframework regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3265-2 [email protected] http://www.debian.org/security/ Alessandro Ghedini May 24, 2015 http://www.debian.org/security/faq -...
Zend Framework 'Zend_Feed'组件信息泄露漏洞
BUGTRAQ ID: 56982 Zend Framework ZF 是一个开放源代码的 PHP5 开发框架,可用于来开发 web 程序和服务。 Zend Framework 1.11.15、1.12.1之前版本的ZendFeedRss、ZendFeedAtom类由于使用了不安全的PHP DOM扩展,其"ZendFeed"组件在处理xml数据时存在漏洞,通过发送包含有外部实体引用的特制XML数据,攻击者可利用此漏洞打开任意文件,最终导致了本地文件信息泄露漏洞。 0 Zend Zend Framework 1.11.6 Zend Zend Framework 1.11.4 Zend Ze...