EUVD-2016-4226

Malware in sbrugna...

Null Dereference in SoapClient

...

Linux Distros Unpatched Vulnerability : CVE-2015-4600

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service application...

K14433: PHP SOAP vulnerability CVE-2013-1643

Security Advisory Description PHP allows the use of external entities while parsing SOAP wsdl files, which allows an attacker to read arbitrary files. If a web application unserializes user-supplied data and tries to execute any method of it, an attacker can send a serialized SoapClient object...

K04972684: PHP vulnerability CVE-2016-3185

Security Advisory Description The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service type confusion and...

K17061: Multiple PHP vulnerabilities

Security Advisory Description CVE-2015-4599 The SoapFault::toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service application crash, or possibly execute arbitrary code...

K54423555: PHP vulnerability CVE-2015-4147

Security Advisory Description The SoapClient::call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that defaultheaders is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an...

SUSE CVE-2015-4600

The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the 1...

SUSE CVE-2015-6836

The SoapClient call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serializefunctioncall...

SUSE CVE-2015-8835

The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service NULL pointer dereference, type confusion, and application crash or possibly execute...

CDI < 5.1.9 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...

CentOS 8 : php:7.4 (CESA-2021:4213)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4213 advisory. - php: Use of freed hash key in the pharparsezipfile function CVE-2020-7068 - php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV...

SUSE: Security Advisory (SUSE-SU-2021:14668-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:0522-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:0494-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:0584-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for php7 (openSUSE-SU-2021:0305-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2021:14668-1 Security update for php53

This update for php53 fixes the following issues: - CVE-2021-21702 bsc1182049: NULL pointer dereference in SoapClient...

SUSE SLES15 Security Update : php7 (SUSE-SU-2021:0584-1)

This update for php7 fixes the following issues : CVE-2021-21702 bsc1182049: NULL pointer dereference in SoapClient Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it...

SUSE-SU-2021:0584-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2021-21702 bsc1182049: NULL pointer dereference in SoapClient...