CVE-2016-3154

The encodercontexteajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

CVE-2016-3154

SPIP contains a PHP object injection vulnerability (CVE-2016-3154) in the encoder_contexte_ajax path (ecrire/inc/filtres.php). The issue affects SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1, where deserializing crafted object data can allow remote attackers to inject object...

Debian DSA-3518-1 : spip - security update

Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in code injection. - CVE-2016-3153 g0uZ et sambecks, from team root-me, discovered that arbitrary PHP code could be injected when adding content. - CVE-2016-3154 Gilles Vincent discovered that deserializing...

[SECURITY] [DSA 3518-1] spip security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3518-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 16, 2016 https://www.debian.org/security/faq -...

Debian: Security Advisory (DSA-3518-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...