73 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-5711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gd_gif_in.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer...
RHSA-2019:3724 Red Hat Security Advisory: rh-php70-php security update
Bulletin has no description...
Osprey Pump Controller 1.0.1 pseudonym Command Injection Vulnerability
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by the index.php script. Osprey Pump Controller 1.0.1 pseudonym Semi-blind...
Osprey Pump Controller 1.0.1 pseudonym Command Injection
Osprey Pump Controller 1.0.1 pseudonym Semi-blind Command Injection Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0....
K28464509: PHP vulnerability CVE-2018-7584
Security Advisory Description In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in...
K29691966: PHP vulnerability CVE-2016-5773
Security Advisory Description php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service...
USN-5300-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120 It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this iss...
Debian DLA-2708-1 : php7.0 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2708 advisory. Several vulnerabilities were discovered in php5, a server-side, HTML-embedded scripting language. An attacker could cause denial of service (DoS), memory corruption...
DLA-2397-1 php7.0 - security update
Bulletin has no description...
DLA-2345-1 php7.0 - security update
Bulletin has no description...
DSA-4717-1 php7.0 - security update
Bulletin has no description...
PHP 7.0 < 7.4 (Unix) - debug_backtrace disable_functions Bypass Exploit
DSA-4552-1 php7.0 - security update
Bulletin has no description...
PHP 7.0 < 7.3 (Unix) - (gc) Disable Functions Bypass Exploit
Exploit for php platform in category web applications
DSA-4529-1 php7.0 - security update
Bulletin has no description...
[SECURITY] [DSA 4403-1] php7.0 security update
Debian Security Advisory DSA-4403-1 https://www.debian.org/security/ Moritz Muehlenhoff March 08, 2019 https://www.debian.org/security/faq ...
PHP 7.0.x < 7.0.22 Denial of Service Vulnerability
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.22. It is, therefore, affected by a denial of service (DoS) vulnerability that exists in the ext/wddx/wddx.c script due to the use of an invalid free for an empty boolean element. An unauthenticated, remot...
DSA-4398-1 php7.0 - security update
Bulletin has no description...
PHP 7.0.x < 7.0.23 Heap Use After Free Vulnerability
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.23 or 7.1.x prior to 7.1.9. It is, therefore, affected by a heap use after free vulnerability when unserializing invalid array size. Note that the scanner has not tested for these issues but has instead...
PHP 7.0.x < 7.0.25 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.25. It is, therefore, affected by multiple vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No...