Mageia: Security Advisory (MGASA-2014-0430)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Internet Bug Bounty: Use after free with assign by ref to overloaded objects

Reported: 2015-07-15 16:30 UTC Fixed: 2015-07-21 14:20 UTC Bug Report: https://bugs.php.net/bug.php?id=70083 Fixed in PHP 5.6: http://git.php.net/?p=php-src.git;a=commitdiff;h=f57cb13c566613eec0e1c2f6d96d18565436a9b7 Fixed in 7:...

up.time 7.5.0 Upload / Execute File

up.time 7.5.0 Upload And Execute File Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: up.time suffers from arbitrary command execution. Attackers can...

up.time 7.5.0 Upload And Execute File Exploit

Summary The next-generation of IT monitoring software. Description up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF,...

up.time 7.5.0 - Superadmin Privilege Escalation

up.time 7.5.0 - Superadmin Privilege Escalation ...

CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file...

CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file...

CVE-2014-3710

CVE-2014-3710 affects the Fileinfo extension used by PHP (via the file command parser) in ELF file handling. The vulnerability lies in readelf.c (up to PHP 5.4.34 and fileinfo up to 5.20) where insufficient ELF note-header validation can enable a crafted ELF file to trigger an out-of-bounds read ...

[slackware-security] php

New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.4.34-i486-1slack14.1.txz: Upgraded. This update fixes bugs and security issues. 68044 Integer overflow in unserialize 32-bit...

CVE-2014-3668

Buffer overflow in the datefromISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service application crash via 1 a crafted first argument to t...

CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file...