8 matches found
Mageia: Security Advisory (MGASA-2018-0118)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2018-0118 Updated php-smarty packages fix security vulnerability
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template nameCVE-2017-1000480...
Updated php-smarty packages fix security vulnerability
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template nameCVE-2017-1000480...
Debian DSA-4094-1 : smarty3 - security update
It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty. C Tenable Network Security, Inc. The descriptive text and package checks in...
[SECURITY] [DSA 4094-1] smarty3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4094-1 [email protected] https://www.debian.org/security/ January 22, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
CVE-2017-1000480
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...
CVE-2017-1000480
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...
CVE-2017-1000480
Smarty 3.x before 3.1.32 is vulnerable to PHP code injection when fetch() or display() are used on custom resources that do not sanitize the template name. Root cause: unsanitized template-name handling in Smarty’s fetch/display paths can lead to arbitrary code execution in PHP contexts. The CVE ...