Debian DLA-1251-1 : php5 security update
It was discovered that PHP5 was vulnerable to a reflected cross-site scripting (XSS) attack on the PHAR 404 error page by manipulating the URI of a request for a .phar file. This issue is only exploitable if the web server is configured to handle phar files using PHP5. For Debian 7 'Wheezy', these...
Debian: Security Advisory (DLA-1251-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 1251-1] php5 security update
Package: php5; Version: 5.4.45-0+deb7u12; CVE ID: CVE-2018-5712. It was discovered that PHP5 was vulnerable to a reflected cross-site scripting (XSS) attack on the PHAR 404 error page by manipulating the URI of a request for a .phar file. This issue is only exploitable if the web server is configur...
DLA-1251-1 php5 - security update
Bulletin has no description...
PerfexCRM 1.9.7 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: PerfexCRM 1.9.7 – Unrestricted php5 File upload Exploit Author: Ahmad Mahfouz Description: PerfexCRM 1.9.7 prone to unrestricted file upload that lead to system take over by misconfigured elfinder plugin Contact:...
PerfexCRM 1.9.7 - Arbitrary File Upload
PerfexCRM 1.9.7 - Arbitrary File Upload Exploit Title: PerfexCRM 1.9.7 – Unrestricted php5 File upload Exploit Author: Ahmad Mahfouz Description: PerfexCRM 1.9.7 prone to unrestricted file upload that lead to system take over by misconfigured elfinder plugin Contact: http://twitter.com/eln1x Date...
Debian DSA-4081-1 : php5 - security update
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: - CVE-2017-11142 Denial of service via overly long form variables - CVE-2017-11143 Invalid free in wddx_deserialize() - CVE-2017-11144 Denial of service in openssl extension due to incorrect...
[SECURITY] [DSA 4081-1] php5 security update
Debian Security Advisory DSA-4081-1 https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2018 https://www.debian.org/security/faq ...
DSA-4081-1 php5 - security update
Bulletin has no description...
Debian: Security Advisory (DLA-818-1)
The remote host is missing an update for the Debian...
openSUSE Security Update : php5 (openSUSE-2017-1371)
This update for php5 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-4025: Fix pathname truncation in set_include_path, tempnam, rmdir, and readlink (bsc#1067090). -...
SUSE-SU-2017:3277-1 Security update for php5
This update for php5 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-4025: Fix pathname truncation in set_include_path, tempnam, rmdir, and readlink (bsc#1067090). -...
openSUSE Security Update : php5 (openSUSE-2017-1079)
This update for php5 fixes one issue. This security issue was fixed: - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the...
SUSE-SU-2017:2518-1 Security update for php5
This update for php5 fixes one issue. This security issue was fixed: - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the...
openSUSE Security Update : php5 (openSUSE-2017-1010)
This update for php5 fixes the following issues: - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11143: An invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP...
SUSE-SU-2017:2317-1 Security update for php5
This update for php5 fixes the following issues: - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11143: An invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP...
Debian DLA-1076-1 : php5 security update
The finish_nested_data function in ext/standard/var_unserializer.re in PHP is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. For Debian 7 'Wheezy', these problems have been fixed in version...
[SECURITY] [DLA 1076-1] php5 security update
Package: php5; Version: 5.4.45-0+deb7u11; CVE ID: CVE-2017-12933. The finish_nested_data function in ext/standard/var_unserializer.re in PHP is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. For Debia...
DLA-1076-1 php5 - security update
Bulletin has no description...
Debian DLA-1066-1 : php5 security update
A stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or...