USN-8336-1 php8.1, php8.3, php8.4, php8.5 vulnerabilities

Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the PDO Firebird driver. An attacker could possibly use this issue to perform SQL injection attacks. CVE-2025-14179 It was discovered that PHP incorrectly handled certain encoding...

USN-8336-1: PHP vulnerabilities

Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the PDO Firebird driver. An attacker could possibly use this issue to perform SQL injection attacks. CVE-2025-14179 It was discovered that PHP incorrectly handled certain encoding...

(Pwn2Own) Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SOAP requests. The issue results from the la...

USN-7648-3 php7.0, php7.2, php7.4 regression

USN-7648-2 fixed vulnerabilities in PHP. The patch for CVE-2025-1735 caused a regression in php7.0, php7.2 and php7.4. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain hostnames containing null...

Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20130930)

It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. CVE-2006-7243 It was found that PHP did not check for carriage returns i...

php: Ability to read arbitrary files due use of external entities while parsing SOAP WSDL files

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue in the soapxmlParseFile and...

PHP 5.4.x < 5.4.12 Information Disclosure

According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.12. It is, therefore, potentially affected by an information disclosure in the file 'ext/soap/phpxml.c' related to parsing SOAP 'wsdl' files and external entities that could cause PHP to parse remote XM...