24 matches found
Mageia: Security Advisory (MGASA-2015-0370)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
php: libxml_disable_entity_loader setting is shared between threads
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE attacks via a crafted XML...
Xxe
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE attacks via a crafted XML...
Fedora 23 : php-ZendFramework-1.12.16-1.fc23 (2015-2e7c06c639)
Update to 1.12.16 - fixes CVE-2015-5161: http://framework.zend.com/security/advisory/ZF2015-06 - fixes CVE-2015-5723: http://framework.zend.com/security/advisory/ZF2015-07 - removed services: DeveloperGarden, Technorati Note that Tenable Network Security has extracted the preceding description...
Fedora 21 : php-ZendFramework-1.12.16-1.fc21 (2015-f1e18131bc)
Update to 1.12.16 - fixes CVE-2015-5161: http://framework.zend.com/security/advisory/ZF2015-06 - fixes CVE-2015-5723: http://framework.zend.com/security/advisory/ZF2015-07 - removed services: DeveloperGarden, Technorati Note that Tenable Network Security has extracted the preceding description...
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection ============================================= - Release date: 29.10.2015 - Discovered by: Dawid Golunski - Severity: High/Critical - eBay Magento ref.: APPSEC-1045 ============================================= I. VULNERABILITY...
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection
============================================= - Release date: 29.10.2015 - Discovered by: Dawid Golunski - Severity: High/Critical - eBay Magento ref.: APPSEC-1045 ============================================= I. VULNERABILITY ------------------------- eBay Magento CE = 1.9.2.1 XML eXternal Entit...
Mageia: Security Advisory (MGASA-2015-0371)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2015-0370 Updated php-ZendFramework packages fix CVE-2015-5161
Updated php-ZendFramework packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML...
Updated php-ZendFramework packages fix CVE-2015-5161
Updated php-ZendFramework and php-ZendFramework2 packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attacker...
Updated php-ZendFramework packages fix CVE-2015-5161
Updated php-ZendFramework packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML...
Fedora Update for php-ZendFramework2 FEDORA-2015-13488
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for php-guzzle-Guzzle FEDORA-2015-13529
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for php-guzzle-Guzzle FEDORA-2015-13488
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 302-1] zendframework security update
Package : zendframework Version : 1.10.6-1squeeze5 CVE ID : CVE-2015-5161 Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform...
CVE-2015-5161
The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...
CVE-2015-5161
CVE-2015-5161 affects ZendXml and Zend Framework components: ZendXml::scan in ZendXml < 1.0.1 and Zend Framework/Tmpl versions < 1.12.14, 2.x < 2.4.6, and 2.5.x
[SECURITY] [DSA 3340-1] zendframework security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3340-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 19, 2015 https://www.debian.org/security/faq -...
Debian DSA-3340-1 : zendframework - security update
Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data. %NASLMINLEVEL 70300 C...
[SECURITY] [DSA 3340-1] zendframework security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3340-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 19, 2015 https://www.debian.org/security/faq -...