Lucene search

1196 matches found

Tenable Nessus
added 2014/01/15 12:0 a.m., 61 views

SuSE 11.2 Security Update : PHP5 (SAT Patch Number 8710)

This update fixes the following issues : - memory corruption in opensslparsex509. CVE-2013-6420 - man-in-the-middle attacks by specially crafting certificates CVE-2013-4248 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

CVSS 7.5, AI score 7, EPSS 0.40224
Exploits: 12, References: 6
OpenVAS
added 2013/12/17 12:0 a.m., 270 views

Ubuntu: Security Advisory (USN-2055-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 9.8, EPSS 0.40224
Exploits: 8, References: 2
seebug.org
added 2013/12/16 12:0 a.m., 18 views

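TYPO3 Extbase ActionController Class Cross-Site Scripting Vulnerability

TYPO3 is a content management system based on PHP4/PHP5 and MySQL. The errorAction method in the TYPO3 Extbase ActionController class does not properly validate error messages, allowing a remote attacker to construct a malicious URI and lure a user into opening it; when the malicious data is viewed, sensitive information can be obtained or the user's session hijacked. 0 TYPO3 4.5.0 TYPO3 4.5.31 TYPO3 4.7.0 TYPO3 4.7.16 TYPO3 6.0.0 TYPO3 6.0.11 TYPO3 6.1.0 TYPO3 6.1.6 TYPO3 6.2 Vendor patch: TYPO3 ----- TYPO3 4.5.32, 4.7.17,...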

AI score 7.1
Exploits: 0
Tenable Nessus
added 2013/12/16 12:0 a.m., 44 views

FreeBSD : PHP5 -- memory corruption in openssl_x509_parse() (47b4e713-6513-11e3-868f-0025905a4771)

Stefan Esser reports : The PHP function openssl_x509_parse uses a helper function called asn1_time_to_time_t to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes...

CVSS 7.5, AI score 7.5, EPSS 0.40224
Exploits: 8, References: 3
Tenable Nessus
added 2013/12/14 12:0 a.m., 70 views

Debian DSA-2816-1 : php5 - several vulnerabilities

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2013-6420 Stefan Esser reported possible memory corruption in openssl_x509_parse. -...

CVSS 7.5, AI score 7, EPSS 0.40224
Exploits: 8, References: 9
Tenable Nessus
added 2013/12/13 12:0 a.m., 66 views

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : php5 vulnerabilities (USN-2055-1)

Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2013-6420 It was discovered that PHP incorrectly handled DateInterval objects. An attack...

CVSS 7.5, AI score 7.5, EPSS 0.40224
Exploits: 8, References: 3
FreeBSD
added 2013/12/13 12:0 a.m., 58 views

PHP5 -- memory corruption in openssl_x509_parse()

Stefan Esser reports: The PHP function openssl_x509_parse uses a helper function called asn1_time_to_time_t to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes...

CVSS 7.5, AI score 9.7, EPSS 0.40224
Exploits: 8, References: 1
Debian
added 2013/12/12 9:18 p.m., 74 views

[SECURITY] [DSA 2816-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2816-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst December 12, 2013 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 7.3, EPSS 0.40224
Exploits: 8
OSV
added 2013/12/12 12:0 a.m., 50 views

DSA-2816-1 php5 - several

Bulletin has no description...

CVSS 7.5, AI score 7.4, EPSS 0.40224
Exploits: 8
OpenVAS
added 2013/12/11 12:0 a.m., 52 views

Debian: Security Advisory (DSA-2816-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 9.8, EPSS 0.40224
Exploits: 8, References: 3
Kitploit
added 2013/11/04 3:21 a.m., 135 views

[FoxOne] Free OSINT Tool - Server Reconnaissance Scanner

FoxOne is a free OSINT tool, described by the author th3j35t3r as a Non-Invasive and Non-Detectable Server Reconnaissance Scanner. Bypassing API limitations and currently detecting 6500+ vulnerable server paths/files – without ever touching the target server. Very good for getting hold of intel o...

AI score 9.8
Exploits: 0
Packet Storm
added 2013/10/03 12:0 a.m., 56 views

SilverStripe Framework CMS 3.0.5 Cross Site Scripting

Title: ====== SilverStripe Framework CMS 3.0.5 - Multiple Vulnerabilities Date: ===== 2013-09-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1084 VL-ID: ===== 1084 Common Vulnerability Scoring System: ==================================== 3.9 Introduction:...

AI score 7.4
Exploits: 0
OpenVAS
added 2013/09/06 12:0 a.m., 31 views

Ubuntu Update for php5 USN-1937-1

Check for the Version of php5 OpenVAS Vulnerability Test $Id: gbubuntuUSN19371.nasl 8466 2018-01-19 06:58:30Z teissa $ Ubuntu Update for php5 USN-1937-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...

CVSS 4.3, AI score 6.3, EPSS 0.09892
Exploits: 4, References: 2
OpenVAS
added 2013/09/06 12:0 a.m., 41 views

Ubuntu: Security Advisory (USN-1937-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3, AI score 8, EPSS 0.09892
Exploits: 4, References: 2
Tenable Nessus
added 2013/09/06 12:0 a.m., 45 views

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : php5 vulnerability (USN-1937-1)

It was discovered that PHP did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Security has...

CVSS 4.3, AI score 7, EPSS 0.09892
Exploits: 4, References: 2
Ubuntu
added 2013/09/05 6:18 p.m., 80 views

USN-1937-1: PHP vulnerability

It was discovered that PHP did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...

CVSS 4.3, AI score 7.2, EPSS 0.09892
Exploits: 4
Tenable Nessus
added 2013/08/27 12:0 a.m., 34 views

Debian DSA-2742-1 : php5 - interpretation conflict

It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with insufficient CA-level checks, this could be...

CVSS 4.3, AI score 6.9, EPSS 0.09892
Exploits: 4, References: 5
OpenVAS
added 2013/08/26 12:0 a.m., 34 views

Debian Security Advisory DSA 2742-1 (php5 - interpretation conflict)

It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with insufficient CA-level checks, this could be...

CVSS 4.3, AI score 6.2, EPSS 0.09892
Exploits: 4, References: 1
OpenVAS
added 2013/08/25 12:0 a.m., 24 views

Debian: Security Advisory (DSA-2742-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3, AI score 7.8, EPSS 0.09892
Exploits: 4, References: 3
Tenable Nessus
added 2013/08/10 12:0 a.m., 48 views

SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8087 / 8088)

The following security issues have been fixed : - bnc828020:. CVE-2013-4635 - Integer overflow in SdnToJewish - bnc829207:. CVE-2013-4113 - heap corruption due to badly formed xml %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVSS 7.5, AI score 10, EPSS 0.19022
Exploits: 0, References: 11