16 matches found
Debian: Security Advisory (DLA-444-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Buffer Overflow
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...
Memory Corruption
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...
Use-After-Free
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...
php55 security and bug fix update
php55 2.0-1 - fix incorrect selinux contexts 1194336 php55-php 5.5.21-2.0.1 - add dtrace-utils as build dependency 5.5.21-2 - core: fix use-after-free vulnerability in the processnesteddata function unserialize CVE-2015-2787 - core: fix NUL byte injection in file name argument of moveuploadedfile...
PHP多版本(5.2,5.4.38~5.6.6)任意文件上传漏洞
PHP任意文件上传漏洞(CVE-2015-2348)。通常情况下,php的开发者会对文件名后缀、文件类型Content-Type、Mime type、文件大小等进行检查来限制恶意php脚本的上传,但是攻击者可以利用该漏洞绕过这些限制,直接上传恶意的文件。 漏洞详情 该漏洞存在于php的moveuploadedfile函数中,这个函数一般在上传文件时被使用,用途是将上传的文件移动到新位置。 moveuploadedfile string $filename , string $destination...
Scientific Linux Security Update : php on SL7.x x86_64 (20150623)
A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. CVE-2015-3330 A flaw was...
CentOS 7 : php (CESA-2015:1135)
Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...
Important: Red Hat Security Advisory: php security and bug fix update
Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...
PHP < 5.4.39, 5.5.x < 5.5.23, 5.6.x < 5.6.7 Multiple Vulnerabilities - Linux
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
USN-2572-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2015-3330 It was discovered that PHP incorrectly handled opening tar, zip or ph...
PHP arbitrary file upload Vulnerability, CVE-2 0 1 5-2 3 4 8 analysis and use-vulnerability and early warning-the black bar safety net
Today, security researchers released a medium-risk vulnerabilities--PHP arbitrary file upload Vulnerability, CVE-2 0 1 5-2 3 4 8 in. Typically, the php developer will be the file name suffix, file typeContent-Type, Mime type, file size, etc. to be checked to limit the malicious php script is...
PHP arbitrary file upload Vulnerability, CVE-2 0 1 5-2 3 4 8 analysis-vulnerability warning-the black bar safety net
Last night security news broke of a“PHP arbitrary file upload Vulnerability”, CVE number: CVE-2 0 1 5-2 3 4 8 in. At the time landlord is ready to pack up and go home, see this news my heart a surprised: the lost rivers and lakes for many years the 0 character truncation upload vulnerability and...
PHP move_uploaded_file security restrictions bypass Vulnerability(CVE-2 0 1 5-2 3 4 8)-vulnerability warning-the black bar safety net
Affected system: PHP PHP 5.6. x PHP PHP 5.5. x PHP PHP 5.4.39 Description: CVECAN ID: CVE-2 0 1 5-2 3 4 8 PHP is a General-purpose open source scripting language. PHP 5.4.39, and 5.5. x, 5.6. x version of ext/standard/basicfunctions. c, moveuploadedfile encountered\x00 characters will truncate th...
PHP arbitrary file upload Vulnerability, CVE-2 0 1 5-2 3 4 8-a vulnerability warning-the black bar safety net
Security researchers today published a medium-risk vulnerabilities--PHP arbitrary file upload Vulnerability, CVE-2 0 1 5-2 3 4 8 in. In the Upload File only when the determined file name is the legal name of the file to conclude that this file is not malicious file, which will indeed lead to othe...
CVE-2015-2348
The moveuploadedfile implementation in ext/standard/basicfunctions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected...