82 matches found
Updated php-smarty packages fix security vulnerability
Template authors could inject php code by choosing a malicious block name or include file name. CVE-2022-29221...
Mageia: Security Advisory (MGASA-2022-0127)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2022-0127 Updated php-smarty packages fix security vulnerability
Updated php-smarty packages to version 4 for php 8 compatibility and to fix security vulnerabilities...
Updated php-smarty packages fix security vulnerability
Updated php-smarty packages to version 4 for php 8 compatibility and to fix security vulnerabilities...
Mageia: Security Advisory (MGASA-2014-0469)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2018-0118)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2018-0403)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2021-0335)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated php-smarty package fixes security vulnerabilities
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.templateobject can be accessed in sandbox mode CVE-2021-26119. Smarty before 3.1.39 allows code injection via an unexpected function name after a function name= substring CVE-2021-26120...
Fedora Update for php-Smarty FEDORA-2019-e595e8a7d7
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 29 : php-Smarty (2019-e595e8a7d7)
===== 3.1.33 release ===== 12.09.2018 ===== 3.1.33-dev-12 ===== 03.09.2018 - bugfix foreach using new style property access like $item@property on Smarty 2 style named foreach loop could produce errors https://github.com/smarty-php/smarty/issues/484 Note that Tenable Network Security has extracte...
Fedora 28 : php-Smarty (2019-d248c5aa39)
===== 3.1.33 release ===== 12.09.2018 ===== 3.1.33-dev-12 ===== 03.09.2018 - bugfix foreach using new style property access like $item@property on Smarty 2 style named foreach loop could produce errors https://github.com/smarty-php/smarty/issues/484 Note that Tenable Network Security has extracte...
Fedora Update for php-Smarty FEDORA-2019-d248c5aa39
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 29 Update: php-Smarty-3.1.33-1.fc29
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation. Autoloader: /usr/share/php/Smarty/autoload.php...
MGASA-2018-0403 Updated php-smarty packages fix security vulnerability
Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files CVE-2018-13982...
MGASA-2018-0118 Updated php-smarty packages fix security vulnerability
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template nameCVE-2017-1000480...
[ MDVSA-2014:221 ] php-smarty
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:221 http://www.mandriva.com/en/support/security/ Package : php-smarty Date : November 21, 2014 Affected: Business Server 1.0 Problem Description: References: https://vulners.com/cve/CVE-2012-4437...
Mandriva Linux Security Advisory : php-smarty (MDVSA-2014:221)
An XSS vulnerability in the SmartyException class in Smarty aka smarty-php before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception CVE-2012-4437. Smarty before 3.1.21 allows remote attackers to bypass the secure mode...
MGASA-2014-0469 Updated php-smarty packages fix security vulnerability
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal" in a template CVE-2014-8350...
Fedora 21 : php-Smarty-3.1.21-1.fc21 (2014-13618)
New upstream release, fix CVE-2014-8350 New upstream release New upstream release New upstream release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...