Lucene search

409 matches found

CVE
added 2020/01/30 3:47 p.m. · 52 views

CVE-2019-20050

CVE-2019-20050 affects Pandora FMS ≤ 7.42. A remote code execution exists when an authenticated user creates a folder with a “tricky” name in the filemanager; the exploit requires the php-fileinfo extension to be disabled and the attacker to include shell metacharacters in the content type. This ...

7.1 CVSS · 6.9 AI score · 0.03434 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2020/01/30 3:47 p.m. · 21 views

CVE-2019-20050

Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must includ...

7 AI score · 0.03434 EPSS
Exploits 1 · References 1
OpenVAS
added 2020/01/23 12:0 a.m. · 52 views

Huawei EulerOS: Security Advisory for file (EulerOS-SA-2019-1424)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 8.2 AI score · 0.20805 EPSS
Exploits 5 · References 2
Microsoft KB
added 2019/10/15 12:0 a.m. · 6 views

October 15, 2019—KB4520012 (Preview of Monthly Rollup)

October 15, 2019—KB4520012 (Preview of Monthly Rollup) Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4520005 (released October 8, 2019) and also includes these new quality improvements as a preview of the next Monthly Rollup update: Updates time...

5.9 CVSS · 7.1 AI score · 0.0329 EPSS
Exploits 0
Tenable Nessus
added 2019/08/12 12:0 a.m. · 48 views

Fedora 30 : php (2019-ec40d89812)

PHP version 7.2.21 (01 Aug 2019) Date: - Fixed bug #69044 (discrepancy between time and microtime). (krakjoe) EXIF: - Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042) (Stas) - Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041) (Stas) Fileinfo: -...

7.1 CVSS · 6.5 AI score · 0.044 EPSS
Exploits 2 · References 3
Veracode
added 2019/05/02 5:39 a.m. · 52 views

Arbitrary File Write

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interprete...

9.8 CVSS · 9.1 AI score · 0.50129 EPSS
Exploits 18 · References 18 · Affected Software 3
Veracode
added 2019/05/02 5:39 a.m. · 51 views

Arbitrary File Write

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interprete...

9.8 CVSS · 9.1 AI score · 0.50129 EPSS
Exploits 18 · References 20 · Affected Software 4
Veracode
added 2019/05/02 5:39 a.m. · 47 views

Heap-based Buffer Overflow

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interprete...

9.8 CVSS · 9.1 AI score · 0.50129 EPSS
Exploits 18 · References 20 · Affected Software 4
Veracode
added 2019/05/02 5:39 a.m. · 56 views

Use-After-Free

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...

7.5 CVSS · 9.2 AI score · 0.53166 EPSS
Exploits 32 · References 32 · Affected Software 6
Veracode
added 2019/05/02 5:39 a.m. · 49 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...

7.5 CVSS · 9.2 AI score · 0.53166 EPSS
Exploits 32 · References 52 · Affected Software 6
Veracode
added 2019/05/02 5:4 a.m. · 53 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code...

7.5 CVSS · 9.5 AI score · 0.30128 EPSS
Exploits 16 · References 20 · Affected Software 5
Veracode
added 2019/05/02 5:4 a.m. · 65 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code...

7.5 CVSS · 9.5 AI score · 0.30128 EPSS
Exploits 16 · References 8 · Affected Software 1
Veracode
added 2019/01/15 9:2 a.m. · 20 views

Denial Of Service (DoS)

php55-php is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failur...

4.3 CVSS · 6.6 AI score · 0.16853 EPSS
Exploits 0 · References 21 · Affected Software 2
Tenable Nessus
added 2019/01/03 12:0 a.m. · 43 views

Fedora 28 : php (2018-dfe1f0bac6)

PHP version 7.2.13 (06 Dec 2018) ftp: - Fixed bug #77151 (ftp_close(): SSL_read on shutdown). (Remi) CLI: - Fixed bug #77111 (php-win.exe corrupts unicode symbols from cli parameters). (Anatol) Fileinfo: - Fixed bug #77095 (slowness regression in 7.2/7.3 compared to 7.1). (Anatol) iconv: - Fixed bug #77147...

8.5 CVSS · 7 AI score · 0.9523 EPSS
Exploits 6 · References 3
Tenable Nessus
added 2019/01/03 12:0 a.m. · 59 views

Fedora 29 : php (2018-7ebfe1e6f2)

PHP version 7.2.13 (06 Dec 2018) ftp: - Fixed bug #77151 (ftp_close(): SSL_read on shutdown). (Remi) CLI: - Fixed bug #77111 (php-win.exe corrupts unicode symbols from cli parameters). (Anatol) Fileinfo: - Fixed bug #77095 (slowness regression in 7.2/7.3 compared to 7.1). (Anatol) iconv: - Fixed bug #77147...

8.5 CVSS · 7 AI score · 0.9523 EPSS
Exploits 6 · References 3
CNVD
added 2018/06/21 12:0 a.m. · 2 views

Reliable Controls MACH-ProWebCom Information Disclosure Vulnerability

The Reliable Controls MACH-ProWebCom is a building controller from Canada's Reliable Controls that supports custom programming and has a built-in web server. A security vulnerability exists in Reliable Controls MACH-ProWebCom version 7.80. A remote attacker can exploit the vulnerability by sendin...

7.5 CVSS · 7.6 AI score · 0.01391 EPSS
Exploits 0 · References 1
Positive Technologies
added 2018/06/20 12:0 a.m. · 2 views

PT-2018-11279

Name of the Vulnerable Software and Affected Versions MACH-ProWebCom version 7.80 Description The issue allows remote attackers to obtain sensitive information by making a direct request for specific files, such as data/fileinfo.xml or job/job.json, which can expose the Master Password field...

7.5 CVSS · 7.2 AI score · 0.01391 EPSS
Exploits 0 · References 4
OSV
added 2018/01/19 8:29 a.m. · 1 views

DEBIAN-CVE-2018-5786

In Long Range Zip aka lrzip 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file...

5.5 CVSS · 6.5 AI score · 0.01336 EPSS
Exploits 1 · References 1
Positive Technologies
added 2018/01/19 12:0 a.m. · 2 views

PT-2018-17143 · Lrzip +2 · Long Range Zip +2

Name of the Vulnerable Software and Affected Versions: Long Range Zip aka lrzip version 0.631 Description: The issue is related to an infinite loop and application hang in the get_fileinfo function. Remote attackers could leverage this to cause a denial of service via a crafted lrz file...

9.8 CVSS · 5.8 AI score · 0.02485 EPSS
Exploits 11 · References 76
CNVD
added 2018/01/19 12:0 a.m. · 2 views

Long Range Zip Infinite Loop Vulnerability

Long Range Zip, also known as lrzip, is a compression utility that specializes in compressing large files. An infinite loop vulnerability exists in the get_fileinfo function (lrzip.c) in Long Range Zip, also known as lrzip, 0.631. A remote attacker could exploit this vulnerability via a specially crafte...

5.5 CVSS · 6.8 AI score · 0.01336 EPSS
Exploits 1 · References 1