335 matches found
Debian: Security Advisory (DSA-3369-1)
The remote host is missing an update for the Debian...
MGASA-2015-0371 Updated php-ZendFramework packages fix CVE-2015-5161
Updated php-ZendFramework and php-ZendFramework2 packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attacker...
Debian DSA-3340-1 : zendframework - security update
Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data...
[SECURITY] [DLA 251-1] zendframework security update
Package: zendframework; Version: 1.10.6-1squeeze3; CVE ID: CVE-2012-6531 CVE-2012-6532 CVE-2014-2681 CVE-2014-2682 CVE-2014-2683 CVE-2014-2684 CVE-2014-2685 CVE-2014-4914 CVE-2014-8088 CVE-2014-8089 CVE-2015-3154; Debian Bug: 743175 754201. Several vulnerabilities were found in the Zend PHP...
[SECURITY] Fedora 21 Update: php-symfony-2.5.12-1.fc21
PHP framework for web projects...
[SECURITY] Fedora 20 Update: php-symfony-2.5.12-1.fc20
PHP framework for web projects...
DSA-3265-2 zendframework - regression update
Bulletin has no description...
[SECURITY] [DSA 3265-1] zendframework security update
Debian Security Advisory DSA-3265-1; http://www.debian.org/security/; David Prévot; May 20, 2015; http://www.debian.org/security/faq...
Debian Security Advisory DSA 3265-1 (zendframework - security update)
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie. CVE-2014-2681: Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some...
[SECURITY] Fedora 21 Update: php-symfony-2.5.11-1.fc21
PHP framework for web projects...
[SECURITY] Fedora 20 Update: php-symfony-2.5.11-1.fc20
PHP framework for web projects...
Slim PHP Framework 'SessionCookie.php' Remote PHP Object Injection Vulnerability
Slim PHP Framework is a miniature PHP5 framework developed by American software developer Josh Lockhart; it can be used to create RESTful web applications and APIs. A remote PHP object injection vulnerability exists in Slim PHP Framework 2.5.0 and earlier versions. An attacker can exploit...
FreeBSD : yii -- Remote arbitrary PHP code execution (5a35bc56-7027-11e4-a4a3-001999f8d30b)
Yii PHP Framework developers report: We are releasing Yii 1.1.15 to fix a security issue found in 1.1.14. We urge all 1.1.14 users to upgrade their Yii to this latest release. Note that the issue only affects 1.1.14. All previous releases are not affected. Upgrading to this release from 1.1.14 i...
[SECURITY] Fedora 21 Update: php-symfony-2.5.4-1.fc21
PHP framework for web projects...
CVE-2014-4672
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...
Code injection
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...
CVE-2014-4672
CVE-2014-4672 affects Yii PHP Framework 1.1.14: the CDetailView widget’s value property can be exploited to execute arbitrary PHP scripts on the server. Public documents state the issue arises when user input is used to configure the value attribute, enabling remote code execution. A fix was rele...
pyrocms 2.1.1 - Multiple Vulnerabilities
No description provided by source. PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability. Vendor: HappyNinjas Ltd; Product web page: http://www.pyrocms.com; Affected version: 2.1.1 Community; Summary: PyroCMS is a CMS built using the CodeIgniter PHP framework. Using an MVC architecture it was bui...
dotproject <= 2.1.6 - Remote File Inclusion Vulnerability
No description provided by source. Discovered by dun \ posdubatgmail.com, 2012-11-13. dotProject <= 2.1.6 Remote File Inclusion Vulnerability. Script: PHP web-based project...