Fedora 27 : php-horde-nag (2017-52ed023208)

nag 4.2.17 - jan SECURITY: Fix unauthorized access to task exports. - jan Fix regression when exporting single tags to iCalendar CATEGORIES. - jan Officially support PHP 7. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...

CVE-2017-16642

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelibmeridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c...

Internet Bug Bounty: Out-Of-Bounds Read in timelib_meridian()

Description While deserializing an invalid dateTime value, wddxdeserialize would result in a heap out-of-bounds read in timelibmeridian. As wddxdeserialize is exposed to network data, and sometimes echo the results back to client, this issue could potentially allow remote peeking of the process...

Fedora 25 : php-horde-nag (2017-f14c38d58f)

nag 4.2.17 - jan SECURITY: Fix unauthorized access to task exports. - jan Fix regression when exporting single tags to iCalendar CATEGORIES. - jan Officially support PHP 7. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...

Fedora 25 : php-horde-passwd (2017-9d14020761)

passwd 5.0.7 - jan Officially support PHP 7. - jan SECURITY: Fix open redirects. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

Fedora 26 : php-horde-nag (2017-041ee90a8b)

nag 4.2.17 - jan SECURITY: Fix unauthorized access to task exports. - jan Fix regression when exporting single tags to iCalendar CATEGORIES. - jan Officially support PHP 7. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...

Fedora 26 : php-horde-passwd (2017-51b91fc4a9)

passwd 5.0.7 - jan Officially support PHP 7. - jan SECURITY: Fix open redirects. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

WordPress Plugin Content Timeline - SQL Injection

WordPress Plugin Content Timeline - SQL Injection Exploit Title: Multiple Blind SQL Injections Wordpress Plugin: Content Timeline Google Dork: - Date: September 16, 2017 Exploit Author: Jeroen - ITNerdbox Vendor Homepage: http://www.shindiristudio.com/ Software Link:...

CVE-2017-11362

Removed by vendor...

Internet Bug Bounty: PHP OpenSSL zif_openssl_seal() heap overflow (wild memcpy)

Description: A wild memcpy is discovered in the openssl package included in stable PHP release. During parsing a PEM certificate in opensslseal, an invalid key length is produced after parsing, eskl0 value is -1 after the call to EVPSealInit, subsequently causing a heap overflow via a wild memcpy...

CVE-2016-10397

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parseurl...

Amazon Linux AMI : php70 (ALAS-2017-812)

Integer overflow in gdio.c in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. CVE-2016-10168 In all versions of PHP 7, during the unserialization process, resizing the...

Medium: php70

Issue Overview: The SplObjectStorage unserialize implementation in ext/spl/splobserver.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access via crafted serialized data...

CVE-2016-7479

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution...

Code injection

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution...

CVE-2016-7479

CVE-2016-7479 affects PHP 7, where during unserialization the resizing of the serialized object’s properties hash table can trigger a use-after-free. This is reported to allow a remote attacker to gain arbitrary code execution. The vulnerability is described across multiple advisories/document se...

CVE-2016-7479

Removed by vendor...

CVE-2016-7479

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution...

CVE-2016-9936

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834...

CVE-2016-9936

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834...