php: Fix of CVE-2025-1220

CVE-2025-1220: fix null byte termination in hostnames...

CLSA-2025-1753768680 php: Fix of CVE-2025-1220

CVE-2025-1220: error if host contains null bytes in the middle of the string...

CLSA-2025-1753729863 php: Fix of CVE-2025-1220

CVE-2025-1220: fix null byte termination in hostnames...

CLSA-2025-1753465703 php: Fix of 3 CVEs

CVE-2025-1220: error if host contains null bytes in the middle of the string - CVE-2025-6491: fix NULL pointer dereference vulnerability in soap - CVE-2025-1735: add error error checks for escape function is pgsql and pdopgsql extensions...

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

CVE-2025-47812 – Wing FTP Server RCE Exploit Exploit Title:...

Security update for php8

This update for php8 fixes the following issues: Version update to 8.2.29: CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extensi...

SUSE-SU-2025:02474-1 Security update for php8

This update for php8 fixes the following issues: Version update to 8.2.29: - CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 - CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 - CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP...

Security update for php7

This update for php7 fixes the following issues: CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...

SUSE-SU-2025:02473-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 - CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 - CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extension via Large XML...

Security update for php8

This update for php8 fixes the following issues: CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...

SUSE-SU-2025:02463-1 Security update for php8

This update for php8 fixes the following issues: - CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 - CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 - CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extension via Large XML...

Security update for php8

This update for php8 fixes the following issues: Version update to 8.3.23: CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extensi...

SUSE-SU-2025:02462-1 Security update for php8

This update for php8 fixes the following issues: Version update to 8.3.23: - CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 - CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 - CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP...

PT-2025-40874

Name of the Vulnerable Software and Affected Versions Software versions prior to 8.0 Description An issue exists in the handling of MPEG-DASH manifests where an out-of-bounds NUL-byte write occurs one byte past the end of the buffer. This happens during the calculation of the content path. The...

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

🛡️ CVE-2025-47812 – Critical RCE in Wing FTP Server 🛡️ 🔎...

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

=========================================================== CVE...

BIT-PHP-MIN-2025-1220 Null byte termination in hostnames

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...

BIT-PHP-2025-1220 Null byte termination in hostnames

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-47812link is external Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability These types of vulnerabilities are frequent attack...

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default...