24 matches found

OpenVAS
added 2022/01/28 12:0 a.m. | 24 views

Mageia: Security Advisory (MGASA-2015-0370)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.8 | AI score 8.7 | EPSS 0.09911
Exploits: 7 | References: 7

RedHat Linux
added 2016/11/15 11:40 a.m. | 5 views

php: libxml_disable_entity_loader setting is shared between threads

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML...

CVSS 9.6 | AI score 7.3 | EPSS 0.04026
Exploits: 1 | References: 4

Prion
added 2016/05/22 1:59 a.m. | 25 views

Xxe

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML...

CVSS 6.8 | AI score 7.1 | EPSS 0.09911
Exploits: 8 | References: 12 | Affected Software: 6

Tenable Nessus
added 2016/03/04 12:0 a.m. | 44 views

Fedora 23 : php-ZendFramework-1.12.16-1.fc23 (2015-2e7c06c639)

Update to 1.12.16 - fixes CVE-2015-5161: http://framework.zend.com/security/advisory/ZF2015-06 - fixes CVE-2015-5723: http://framework.zend.com/security/advisory/ZF2015-07 - removed services: DeveloperGarden, Technorati Note that Tenable Network Security has extracted the preceding description...

CVSS 7.8 | AI score 7.4 | EPSS 0.09911
Exploits: 7 | References: 10

Tenable Nessus
added 2016/03/04 12:0 a.m. | 60 views

Fedora 21 : php-ZendFramework-1.12.16-1.fc21 (2015-f1e18131bc)

Update to 1.12.16 - fixes CVE-2015-5161: http://framework.zend.com/security/advisory/ZF2015-06 - fixes CVE-2015-5723: http://framework.zend.com/security/advisory/ZF2015-07 - removed services: DeveloperGarden, Technorati Note that Tenable Network Security has extracted the preceding description...

CVSS 7.8 | AI score 7.4 | EPSS 0.09911
Exploits: 7 | References: 10

exploitpack
added 2015/10/30 12:0 a.m. | 83 views

eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection

eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection - Release date: 29.10.2015 - Discovered by: Dawid Golunski - Severity: High/Critical - eBay Magento ref.: APPSEC-1045 I. VULNERABILITY...

CVSS 6.8 | AI score 0.4 | EPSS 0.09911
Exploits: 7

Exploit DB
added 2015/10/30 12:0 a.m. | 319 views

eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection

- Release date: 29.10.2015 - Discovered by: Dawid Golunski - Severity: High/Critical - eBay Magento ref.: APPSEC-1045 I. VULNERABILITY eBay Magento CE = 1.9.2.1 XML eXternal Entit...

CVSS 6.8 | AI score 7.7 | EPSS 0.09911
Exploits: 7

OpenVAS
added 2015/10/15 12:0 a.m. | 43 views

Mageia: Security Advisory (MGASA-2015-0371)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.8 | AI score 8.7 | EPSS 0.09911
Exploits: 7 | References: 7

OSV
added 2015/09/15 2:55 p.m. | 10 views

MGASA-2015-0370 Updated php-ZendFramework packages fix CVE-2015-5161

Updated php-ZendFramework packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML...

CVSS 6.8 | AI score 5.7 | EPSS 0.09911
Exploits: 7 | References: 6

Mageia
added 2015/09/15 2:55 p.m. | 70 views

Updated php-ZendFramework packages fix CVE-2015-5161

Updated php-ZendFramework packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML...

CVSS 6.8 | AI score 8.5 | EPSS 0.09911
Exploits: 7 | References: 5

Mageia
added 2015/09/15 2:55 p.m. | 44 views

Updated php-ZendFramework packages fix CVE-2015-5161

Updated php-ZendFramework and php-ZendFramework2 packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attacker...

CVSS 6.8 | AI score 8.5 | EPSS 0.09911
Exploits: 7 | References: 5

OpenVAS
added 2015/08/28 12:0 a.m. | 43 views

Fedora Update for php-guzzle-Guzzle FEDORA-2015-13529

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.8 | AI score 8.6 | EPSS 0.09911
Exploits: 7 | References: 2

OpenVAS
added 2015/08/28 12:0 a.m. | 40 views

Fedora Update for php-ZendFramework2 FEDORA-2015-13488

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.8 | AI score 8.6 | EPSS 0.09911
Exploits: 7 | References: 2

OpenVAS
added 2015/08/28 12:0 a.m. | 42 views

Fedora Update for php-guzzle-Guzzle FEDORA-2015-13488

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.8 | AI score 8.6 | EPSS 0.09911
Exploits: 7 | References: 2

Debian
added 2015/08/27 5:38 p.m. | 48 views

[SECURITY] [DLA 302-1] zendframework security update

Package : zendframework Version : 1.10.6-1squeeze5 CVE ID : CVE-2015-5161 Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform...

CVSS 6.8 | AI score 7.1 | EPSS 0.09911
Exploits: 7

UbuntuCve
added 2015/08/25 5:59 p.m. | 37 views

CVE-2015-5161

The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE)...

CVSS 6.8 | AI score 7.2 | EPSS 0.09911
Exploits: 7 | References: 2

CVE
added 2015/08/25 5:0 p.m. | 197 views

CVE-2015-5161

CVE-2015-5161 affects ZendXml and Zend Framework components: ZendXml::scan in ZendXml < 1.0.1 and Zend Framework/Tmpl versions < 1.12.14, 2.x < 2.4.6, and 2.5.x

CVSS 6.8 | AI score 8.3 | EPSS 0.09911
Exploits: 7 | References: 10 | Affected Software: 1

securityvulns
added 2015/08/24 12:0 a.m. | 67 views

[SECURITY] [DSA 3340-1] zendframework security update

Debian Security Advisory DSA-3340-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 19, 2015 https://www.debian.org/security/faq ...

CVSS 6.8 | AI score 2 | EPSS 0.09911
Exploits: 7

Tenable Nessus
added 2015/08/24 12:0 a.m. | 61 views

Debian DSA-3340-1 : zendframework - security update

Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data...

CVSS 6.8 | AI score 8 | EPSS 0.09911
Exploits: 7 | References: 4

Debian
added 2015/08/19 9:43 p.m. | 55 views

[SECURITY] [DSA 3340-1] zendframework security update

Debian Security Advisory DSA-3340-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 19, 2015 https://www.debian.org/security/faq ...

CVSS 6.8 | AI score 8 | EPSS 0.09911
Exploits: 7