1196 matches found
Security update for php5 (important)
This update for php5 fixes the following security issues: - bsc974305: buffer overflow in libmagic - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM bnc973792. - CVE-2015-8835: SoapClient scall method suffered from type confusion issue bnc973351. - CVE-2016-3141: A use-after-free / double-free...
[SECURITY] [DSA 3560-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3560-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 27, 2016 https://www.debian.org/security/faq -...
SUSE-SU-2016:1166-1 Security update for php5
This update for php5 fixes the following security issues: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM bnc973792. - CVE-2015-8835: SoapClient scall method suffered from a type confusion issue that could have led to crashes bsc973351 - CVE-2016-2554: A NULL pointer dereference in...
Debian: Security Advisory (DSA-3560-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : apparmor (openSUSE-2016-491)
This update for apparmor updates some profiles. It is specifically required for the Samba security update. profile updates : - sbin.syslog-ng - usr.sbin.identd - usr.sbin.nscd allows nscd paranoia mode - usr.sbin.smbd - usr.sbin.smbldap-useradd - apache2.d/phpsysinfo updated abstractions : - aspe...
RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: RockMongo v1.1.8 - PHP MongoDB Administrator Multiple Vulnerabilities Date: 11.04.2016 Exploit Author: Ozer Goker Vendor Homepage: http://rockmongo.com Software Link: https://github.com/iwind/rockmongo Version: app version 1.1.8...
RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities
Exploit Title: RockMongo v1.1.8 - PHP MongoDB Administrator Multiple Vulnerabilities Date: 11.04.2016 Exploit Author: Ozer Goker Vendor Homepage: http://rockmongo.com Software Link: https://github.com/iwind/rockmongo Version: app version 1.1.8 What is RockMongo? RockMongo, a MongoDB administratio...
RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities
RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities Exploit Title: RockMongo v1.1.8 - PHP MongoDB Administrator Multiple Vulnerabilities Date: 11.04.2016 Exploit Author: Ozer Goker Vendor Homepage: http://rockmongo.com Software Link: https://github.com/iwind/rockmongo Version: ap...
FreeBSD : php5 -- multiple vulnerabilities (e991ef79-e920-11e5-92ce-002590263bf5)
The PHP Group reports : - Phar : - Fixed bug 71498 Out-of-Bound Read in phar_parse_zipfile. - WDDX : - Fixed bug 71587 Use-After-Free / Double-Free in WDDX Deserialize. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from th...
openSUSE Security Update : php5 (openSUSE-2016-323)
This update for php5 fixes the following issues : - CVE-2016-2554: A stack overflow vulnerability when decompressing tar phar archives was fixed. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...
WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting
WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting 1. Introduction Exploit Title: WordPress WP Advanced Comment 0.10 Persistent XSS Date: Mar.09.2016 Exploit Author: Mohammad Khaleghi Contact: https://twitter.com/blackmatrix Vendor: Ravi Shakya Tested On: Apache2.2 / PHP5...
Fedora 23 : roundcubemail-1.1.4-2.fc23 (2015-6e299214b8)
Release 1.1.4 - Add workaround for https://bugs.php.net/bug.php?id=70757 1490582 - Fix duplicate messages in list and wrong count after delete 1490572 - Fix so Installer requires PHP5 - Make brute-force attacks harder by re-generating security token on every failed login 1490549 - Slow down brute...
Debian DLA-444-1 : php5 security update
CVE-2015-2305 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression...
[SECURITY] [DLA 444-1] php5 security update
Package : php5 Version : 5.3.3.1-7+squeeze29 CVE ID : CVE-2015-2305 CVE-2015-2348 CVE-2015-2305 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow...
DLA-444-1 php5 - security update
Bulletin has no description...
openSUSE Security Update : php5 (openSUSE-2016-157)
This update for php5 fixes the following issues : - CVE-2015-7803: Specially crafted .phar files with a crafted TAR archive entry allowed remote attackers to cause a Denial of Service DoS bsc949961 - CVE-2016-1903: Specially crafted image files could allow remote attackers to read unspecified...
openSUSE Security Update : php5 (openSUSE-2016-100)
This update for php5 fixes the following issues : - CVE-2015-7803: Specially crafted .phar files with a crafted TAR archive entry allowed remote attackers to cause a Denial of Service DoS bsc949961 - CVE-2015-7804: Specially crafted .phar files with a crafted ZIP archive entry referencing a file...
SUSE-SU-2016:0284-1 Security update for php5
This update for php5 fixes the following issues: - CVE-2015-7803: Specially crafted .phar files with a crafted TAR archive entry allowed remote attackers to cause a Denial of Service DoS bsc949961 - CVE-2016-1903: Specially crafted image files could allow remote attackers to read unspecified...
Debian DLA-341-1 : php5 security update
CVE-2015-6831 Use after free vulnerability was found in unserialize function. We can create ZVAL and free it via Serializable::unserialize. However the unserialize will still allow to use R: or r: to set references to that already freed memory. It is possible to use-after-free attack and execute...