MiracleLinux 4 : php-5.3.3-27.AXS4.1 (AXSA:2014-484:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-484:02 advisory. Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP al...

EUVD-2014-9462

Malware in sbrugna...

EUVD-2014-0274

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2014-3710

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present...

SUSE CVE-2014-0207

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...

SUSE CVE-2014-0237

The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls...

SUSE CVE-2014-0238

The cdfreadpropertyinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service infinite loop or out-of-bounds memory access via a vector that 1 has zero length or 2 is too long...

SUSE CVE-2014-9652

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...

SUSE CVE-2014-9653

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service uninitialized memor...

SUSE CVE-2015-4605

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service application crash or possibly execute...

SUSE CVE-2015-8865

The filecheckmem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service buffer overflow and application...

file: Buffer over-write in finfo_open with malformed magic file

The filecheckmem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service buffer overflow and application...

The vulnerability of the PHP interpreter allows a remote attacker to gain access to memory areas beyond the application’s boundaries, or cause the application to terminate abnormally.

The vulnerability of the PHP interpreter in the mconvert function located in the Fileinfo component’s script, softmagic.c causes an error in the pointer to the field that stores the length of the string under certain copy scenarios. As a result, a malicious actor can gain access to memory areas...

Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information

A vulnerability exists in the cdfcountchain function in the cdf.c file of the Fileinfo component in PHP, due to improper data validation for the sector counters. Exploitation of this vulnerability allows malicious actors to induce a service failure abnormal termination of the application by using...

Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information

A numerical overflow in the cdfreadpropertyinfo function in the cdf.c file of the Fileinfo component in PHP allows malicious actors operating remotely to cause a service failure abrupt termination of the application by using a specially crafted CDF file...

Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information

The vulnerability in the cdfreadshortsector function in the cdf.c file of the Fileinfo component in PHP allows malicious actors operating remotely to trigger a service failure a denial-of-service attack by using specially crafted CDF files...

The vulnerability of the PHP interpreter allows attackers to trigger a service failure or execute arbitrary code.

The vulnerability of the mcopy function in the Fileinfo component of the PHP interpreter exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failure termination of the application or execute arbitrary code using a...

The vulnerability of the PHP interpreter allows attackers to trigger a service failure or execute arbitrary code.

The vulnerability of the mget function in the Fileinfo component of the PHP interpreter exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause a service failure application termination or execute arbitrary code using a specially created...

Ubuntu: Security Advisory (USN-2984-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-8865

The filecheckmem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service buffer overflow and application...