214 matches found
Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...
GHSA-GP39-H9C2-QW79 Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...
SUSE: Security Advisory (SUSE-SU-2021:3727-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2021:3726-1 Security update for php74
This update for php74 fixes the following issues: - CVE-2021-21703: Fixed local privilege escalation via PHP-FPM bsc1192050...
Updated php packages fix security vulnerability
Updated php packages fix security vulnerability: In PHP versions 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main...
Ubuntu: Security Advisory (USN-5125-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5125-1: PHP vulnerability
It was discovered that PHP-FPM in PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
USN-5125-1 php5, php7.0, php7.2, php7.4, php8.0 vulnerability
It was discovered that PHP-FPM in PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
[SECURITY] [DSA 4993-1] php7.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4993-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 25, 2021 https://www.debian.org/security/faq -...
UBUNTU-CVE-2021-21703
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the...
CVE-2021-42040
CVE-2021-42040 affects MediaWiki up to 1.36.2, where a loop-control parser function in the Loops extension mishandles egLoopsCountLimit, allowing an infinite loop and potential memory exhaustion. Public references from PT-Security indicate upgrades to fixed branches: update to MediaWiki 1.36.3+ f...
Exploit for Out-of-bounds Write in Php
This is an exploit module for a bug in php-fpm CVE-2019-11043. The exploit targets a vulnerability in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit works by appending a specially crafted URL to the web server, which...
SUSE: Security Advisory (SUSE-SU-2020:2896-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:2997-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Algolia: PHP-FPM status page disclosure
A page leaking debug information was publicly accessible...
Exploit for Out-of-bounds Write in Php
This is an exploit for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit works by setting the PHPVALUE path info to a malicious value, whic...
Exploit for Out-of-bounds Write in Php
PoC exploit for CVE-2019-11043, an exploit for a bug in php-fpm. The exploit targets a vulnerability in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit assumes that the nginx configuration has a location block that forwar...
SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:2997-1)
This update for php7 fixes the following issues : CVE-2020-7069: Fixed an issue when AES-CCM mode was used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV was used bsc1177351. CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite...
SUSE SLES12 Security Update : php7 (SUSE-SU-2020:2920-1)
This update for php7 fixes the following issues : CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names bsc1177352. Added tmpfiles.d for php-fpm to provide a base for a socket bsc1173786 Note that Tenable Network Security has...
SUSE SLES12 Security Update : php74 (SUSE-SU-2020:2896-1)
This update for php74 fixes the following issues : CVE-2020-7069: Fixed an issue when AES-CCM mode was used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV was used bsc1177351. CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrit...