
89 matches found

Fedora
added 2023/09/07 1:43 a.m., 18 views

[SECURITY] Fedora 37 Update: php-phpmailer6-6.8.1-1.fc37

PHPMailer - A full-featured email creation and transfer class for PHP Class Features Probably the world's most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more Integrated SMTP support - send without a local...

7.4 AI score
Exploits: 0

F5 Networks
added 2023/02/21 6:55 p.m., 107 views

K29691966: PHP vulnerability CVE-2016-5773

Security Advisory Description php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service...

9.8 CVSS, 9.3 AI score, 0.16127 EPSS
Exploits: 5, Affected Software: 21

Fedora
added 2021/06/26 1:8 a.m., 86 views

[SECURITY] Fedora 33 Update: php-phpmailer6-6.5.0-1.fc33

PHPMailer - A full-featured email creation and transfer class for PHP Class Features Probably the world's most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more Integrated SMTP support - send without a local...

8.1 CVSS, 8.3 AI score, 0.02108 EPSS
Exploits: 1

NVD
added 2021/05/05 2:15 p.m., 10 views

CVE-2016-20010

EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5...

10 CVSS, 0.06828 EPSS
Exploits: 0, References: 2

CVE
added 2021/05/05 1:42 p.m., 40 views

CVE-2016-20010

The CVE-2016-20010 vulnerability affects the WordPress plugin EWWW Image Optimizer prior to 2.8.5. The issue arises because it relies on a protection mechanism involving boolval that is not available before PHP 5.5, enabling remote command execution on affected installations. Affected product: EW...

10 CVSS, 9.5 AI score, 0.06828 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/05/05 1:42 p.m., 10 views

CVE-2016-20010

EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5...

9.7 AI score, 0.06828 EPSS
Exploits: 0, References: 2

Huntr
added 2021/02/19 12:0 a.m., 4 views

Cross-site Scripting (XSS) - Generic in prasathmani/tinyfilemanager

:book: Description TinyFileManager is web based file manager and it is a simple, fast and small file manager with a single file, multi-language ready web application for storing, uploading, editing and managing files and folders online via web browser. The Application runs on PHP 5.5+, It allows...

7.2 AI score
Exploits: 0

Fedora
added 2020/06/07 7:47 p.m., 34 views

[SECURITY] Fedora 31 Update: php-phpmailer6-6.1.6-1.fc31

PHPMailer - A full-featured email creation and transfer class for PHP Class Features Probably the world's most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more Integrated SMTP support - send without a local...

7.5 CVSS, 8 AI score, 0.04933 EPSS
Exploits: 1

Hacker One
added 2020/02/18 11:7 a.m., 64 views

Internet Bug Bounty: Null Pointer Dereference in PHP Session Upload Progress

Affected Versions ------------ Affected is all of PHP5.4/5.5/5.6 Affected is all of PHP7 Credits ------------ This vulnerability was disclosed by Taoguang Chen. Description ------------ session.c static int phpsessionrfc1867callbackunsigned int event, void eventdata, void extra / / ... switcheven...

7.1 AI score
Exploits: 0

OpenVAS
added 2019/05/07 12:0 a.m., 70 views

Fedora Update for php-phpmailer6 FEDORA-2018-18f3eff32b

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 CVSS, 8.8 AI score, 0.01475 EPSS
Exploits: 0, References: 2

Fedora
added 2018/11/27 5:13 p.m., 35 views

[SECURITY] Fedora 28 Update: php-phpmailer6-6.0.6-1.fc28

PHPMailer - A full-featured email creation and transfer class for PHP Class Features Probably the world's most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more Integrated SMTP support - send without a local...

8.8 CVSS, 9 AI score, 0.01475 EPSS
Exploits: 0

Fedora
added 2018/11/27 3:13 a.m., 40 views

[SECURITY] Fedora 27 Update: php-phpmailer6-6.0.6-1.fc27

PHPMailer - A full-featured email creation and transfer class for PHP Class Features Probably the world's most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more Integrated SMTP support - send without a local...

8.8 CVSS, 9 AI score, 0.01475 EPSS
Exploits: 0

OSV
added 2016/08/07 10:59 a.m., 26 views

CVE-2016-5116

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

9.1 CVSS, 6.7 AI score
Exploits: 0, References: 6

NVD
added 2016/08/07 10:59 a.m., 21 views

CVE-2016-5116

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

9.1 CVSS, 8.3 AI score, 0.02396 EPSS
Exploits: 0, References: 6

AlpineLinux
added 2016/08/07 10:0 a.m., 33 views

CVE-2016-5116

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

9.1 CVSS, 8.3 AI score, 0.02396 EPSS
Exploits: 0

Debian CVE
added 2016/08/07 10:0 a.m., 25 views

CVE-2016-5116

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

9.1 CVSS, 9.2 AI score, 0.02396 EPSS
Exploits: 0

Prion
added 2016/07/12 7:59 p.m., 28 views

Code injection

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter...

6.8 CVSS, 8.2 AI score, 0.19825 EPSS
Exploits: 7, References: 8, Affected Software: 2

UbuntuCve
added 2016/05/30 12:0 a.m., 26 views

CVE-2016-5116

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

9.1 CVSS, 7.3 AI score, 0.02396 EPSS
Exploits: 0, References: 3

Hacker One
added 2016/05/26 3:11 p.m., 21 views

Internet Bug Bounty: Integer underflow / arbitrary null write in fread/gzread

https://bugs.php.net/bug.php?id=72114 Integer underflow in the fread/gzread length parameter allows to write an arbitrary null byte on 64 bit platforms. This was identified with the help of ASAN and a custom fuzzer. gdb run gzread2.php Starting program: /home/operac/php/php-56/sapi/cli/php...

7 AI score
Exploits: 0

UbuntuCve
added 2016/05/22 1:59 a.m., 23 views

CVE-2015-8878

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses...

7.1 CVSS, 6.6 AI score, 0.0037 EPSS
Exploits: 0, References: 2