10 matches found
CVE-2008-1066
The modifier.regexreplace.php plugin in Smarty before 2.6.19, as used by Serendipity S9Y and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string...
Gentoo Security Advisory GLSA 201111-04 (PhpDocumentor)
The remote host is missing updates announced in advisory GLSA 201111-04. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
GLSA-201111-04 : phpDocumentor: Function call injection
The remote host is affected by the vulnerability described in GLSA-201111-04 phpDocumentor: Function call injection phpDocumentor bundles Smarty with the modifier.regexreplace.php plug-in which does not properly sanitize input related to the ASCII NUL character in a search string. Impact : A remo...
Gentoo Security Advisory GLSA 201006-13 (smarty)
The remote host is missing updates announced in advisory GLSA 201006-13. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 201006-13 (smarty)
The remote host is missing updates announced in advisory GLSA 201006-13. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Fedora Update for gallery2 FEDORA-2008-2650
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
[SECURITY] [DSA 1520-1] New smarty packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1520-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 16, 2008 http://www.debian.org/security/faq -...
Security fix for the ALT Linux 6 package smarty version 2.6.19-alt1
March 12, 2008 Vladimir V Kamarzin 2.6.19-alt1 - 2.6.19. Security fixes: + CVE-2008-1066 Smarty "regexreplace" Modifier Template Security Bypass...
CVE-2008-1066
The modifier.regexreplace.php plugin in Smarty before 2.6.19, as used by Serendipity S9Y and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string...
CVE-2008-1066
The CVE-2008-1066 entry concerns Smarty (PHP template engine). The vulnerable component is the modifier.regex_replace.php plug‑in, which does not properly sanitize input related to the ASCII NUL character in a search string. This can allow a remote attacker to call arbitrary PHP functions via tem...