1196 matches found
CVE-2014-3782
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension...
Debian DSA-2943-1 : php5 - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development : - CVE-2014-0185 The default PHP FPM socket permission has been changed from 0666 to 0660 to mitigate a security vulnerability CVE-2014-0185 in PHP FPM that allowed any...
Debian: Security Advisory (DSA-2943-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Symfony: Information disclosure
Background Symfony is a professional, open-source PHP5 web development framework. Description Symfony does not properly sanitize input for upload requests. Impact A remote attacker could send a specially crafted file upload request, possibly resulting in disclosure of sensitive information...
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : php5 vulnerability (USN-2163-1)
It was discovered that PHP's embedded libmagic library incorrectly handled PE executables. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security...
Ubuntu Update for php5 USN-2163-1
Check for the Version of php5 OpenVAS Vulnerability Test $Id: gbubuntuUSN21631.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for php5 USN-2163-1 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...
Ubuntu: Security Advisory (USN-2163-1)
The remote host is missing an update for the...
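Zend Framework XML External Entity and Security Bypass Vulnerabilities
Bugtraq ID: 66358 Zend Framework is an open-source PHP5 development framework. Zend Framework contains multiple security vulnerabilities: 1. An error in the handling of XML entities allows an attacker to read local file contents or consume server resources through a specially crafted XML document containing external entity references. 2. An error in the login mechanism of ZendOpenId and the ZendOpenId consumer allows an attacker to impersonate other users/identities without any authentication credentials. 0 Zend Framework 1.x Zend Framework 1.12.4 has fixed this vulnerability; users are advised to download the update: http://framework.zend.com...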
E-Commerce system ShopNC: multiple vulnerabilities (may allow a brute-force getshell)
Introduction: ShopNC is an e-commerce system that its vendor offers to business customers. It is based on PHP5 and developed using the MVC pattern. This article describes multiple ShopNC vulnerabilities that, combined, can lead to getshell, in a somewhat brute-force way -- Any file...
Ubuntu: Security Advisory (USN-2126-1)
The remote host is missing an update for the...
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : php5 vulnerabilities (USN-2126-1)
Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. CVE-2014-1943 It was discovered that PHP incorrectly handled certain values whe...
Ubuntu Update for php5 USN-2126-1
Check for the Version of php5 OpenVAS Vulnerability Test $Id: gbubuntuUSN21261.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for php5 USN-2126-1 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...
PHP5 Hash Collision Denial Of Service - Ver2 (CVE-2011-4885)
A denial-of-service vulnerability has been reported in PHP. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Debian DSA-2868-1 : php5 - denial of service
It was discovered that file, a file type classification tool, contains a flaw in the handling of 'indirect' magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID...
[SECURITY] [DSA 2868-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2868-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 02, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2868-1 (php5 - denial of service)
It was discovered that file, a file type classification tool, contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID...
DSA-2868-1 php5 - denial of service
Bulletin has no description...
Debian: Security Advisory (DSA-2868-1)
The remote host is missing an update for the Debian...
SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8683 / 8684)
This update fixes the following issues: - memory corruption in opensslparsex509 (CVE-2013-6420) - heap buffer over-read in DateInterval (CVE-2013-6712) - man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) (C) Tenable Network Security, Inc. The descriptive...