764 matches found
CentOS 7 : php (CESA-2014:1013)
Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
php security update
CentOS Errata and Security Advisory CESA-2014:1013 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...
openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)
php5 was updated to fix security issues : CVE-2014-4670: Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in...
SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 9537)
PHP 5.3 has been updated to fix several security problems : - The SPL component in PHP incorrectly anticipated that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a...
Information disclosure
The EasyCart wp-easycart plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function...
Mandriva Linux Security Advisory : php (MDVSA-2014:130)
Updated php packages fix security vulnerabilities : The unserialize function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515). It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT...
USN-2276-1 php5 vulnerabilities
Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. (CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) Stefan Esser...
Debian DSA-2974-1 : php5 - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-0207 Francisco Alonso of the Red Hat Security Response Team reported an...
MGASA-2014-0284 Updated php packages fix multiple vulnerabilities
Updated php packages fix security vulnerabilities: The unserialize function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515). It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT...
MGASA-2014-0283 Updated php packages fix multiple vulnerabilities
Updated php packages fix security vulnerabilities: The unserialize function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515). It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT...
Updated php packages fix multiple vulnerabilities
Updated php packages fix security vulnerabilities: The unserialize function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515). It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT...
Type confusion
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process...
UBUNTU-CVE-2014-4721
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process...
PT-2014-2043 · Php +5 · Mod Php +7
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.4.30 PHP versions 5.5.x prior to 5.5.14 Description: The issue is related to a "type confusion" vulnerability in the phpinfo implementation, which might allow context-dependent attackers to obtain sensitive information...
Wordpress WP-Property Plugin 1.35.0 - Arbitrary File Upload
No description provided by source. Description : Wordpress Plugins - WP-Property - WordPress Powered Real Estate and Property Management Shell Upload Vulnerability Version : 1.35.0 Link : http://wordpress.org/extend/plugins/wp-property/ Plugins :...
CuteNews 1.3 Debug Query Information Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/9130/info An information disclosure weakness has been reported in CuteNews 1.3, that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will result in the...
phpinv 0.8.0 (lfi/xss) Multiple Vulnerabilities
No description provided by source. PHPInv 0.8.0 LFI/XSS Multiple Remote Vulnerabilities. CWH Underground Hackin...
PHPBBMod 1.3.3 PHPInfo Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5942/info phpBBmod ships with a sample script phpinfo.php that may disclose sensitive information to remote attackers. When this script is accessed, sensitive information about the underlying environment will be reveale...
Slaed CMS Code Exec Vulnerability
No description provided by source. Exploit Title: Slaed CMS Code exec Google Dork: Powered by SLAED CMS Date: 03.05.2011 Author: brainpillow Software Link: http://slaed.net/ Version: OpenSlaed 1.2 free, Slaed CMS = 4. On different versions of this software next vulnerabilities are available:...
luxcal 2.7.0 - Multiple Vulnerabilities
No description provided by source. Exploit Title: LuxCal v2.7.0 Multiple Remote Vulnerabilities Date: 17/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.luxsoft.eu/ Software Link:...