15 matches found
Fedora: Security Advisory for php-openpsa-universalfeedcreator (FEDORA-2022-59f0ad964c)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: php-openpsa-universalfeedcreator-1.8.4.1-1.fc35
RSS and Atom feed generator. Supported formats: RSS0.91, RSS1.0, RSS2.0, PIE0.1 (deprecated), MBOX, OPML, ATOM, ATOM0.3, HTML, JS, PHP. Autoloader: /usr/share/php/openpsa-universalfeedcreator/autoload.php...
[SECURITY] Fedora 34 Update: php-openpsa-universalfeedcreator-1.8.4.1-1.fc34
RSS and Atom feed generator. Supported formats: RSS0.91, RSS1.0, RSS2.0, PIE0.1 (deprecated), MBOX, OPML, ATOM, ATOM0.3, HTML, JS, PHP. Autoloader: /usr/share/php/openpsa-universalfeedcreator/autoload.php...
Fedora: Security Advisory for php-openpsa-universalfeedcreator (FEDORA-2022-44f5e9e219)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Denial Of Service (DoS)
openpsa/midcom is vulnerable to denial of service (DoS) attacks. The library uses a vulnerable version of PHP and calls the insecure method xml_parse_into_struct. This can allow a malicious user to upload an XML file with the RSS Upload feature to cause a buffer under-read or segmentation fault that c...
Remote Code Execution (RCE)
openpsa/midcom is vulnerable to remote code execution (RCE) attacks. The library does not sanitize the JSON string before deserialization, allowing a malicious user to inject and execute arbitrary code through it...
CVE-2018-1000525
openpsa contains a PHP Object Injection vulnerability in form data passed as GET request variables that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via a specially crafted GET request variable containing a serialised PHP object. This...
CVE-2018-1000526
Openpsa contains an XML Injection vulnerability in the RSS file upload feature that can result in remote denial of service. This attack appears to be exploitable via a specially crafted XML file. This vulnerability appears to have been fixed after commit 4974a26...
CVE-2018-1000525
openpsa contains a PHP Object Injection vulnerability in form data passed as GET request variables that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via a specially crafted GET request variable containing a serialised PHP object. This...
CVE-2018-1000526
Openpsa contains an XML Injection vulnerability in the RSS file upload feature that can result in remote denial of service. This attack appears to be exploitable via a specially crafted XML file. This vulnerability appears to have been fixed after commit 4974a26...
Information disclosure
openpsa contains a PHP Object Injection vulnerability in form data passed as GET request variables that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via a specially crafted GET request variable containing a serialised PHP object. This...
Design/Logic Flaw
Openpsa contains an XML Injection vulnerability in the RSS file upload feature that can result in remote denial of service. This attack appears to be exploitable via a specially crafted XML file. This vulnerability appears to have been fixed after commit 4974a26...
CVE-2018-1000525
OpenPSA is affected by a PHP Object Injection vulnerability in form data passed as GET variables, allowing a crafted GET request to serialize a PHP object and potentially disclose information or achieve remote code execution. The issue arises from unsafe deserialization, enabling arbitrary code e...
CVE-2018-1000526
Openpsa contains an XML Injection vulnerability in the RSS file upload feature that can result in remote denial of service. This attack appears to be exploitable via a specially crafted XML file. This vulnerability appears to have been fixed after commit 4974a26...
CVE-2018-1000526
The CVE-2018-1000526 entry concerns OpenPSA with an XML Injection vulnerability in the RSS upload feature, caused by a vulnerable XML processing path. The related Veracode document notes that openpsa/midcom uses an outdated PHP version and calls the insecure method xml_parse_into_struct, which ca...