Fedora 23 : php (2016-6b1938566f)

26 May 2016, PHP 5.6.22 Core: - Fixed bug 72172 zendhexstrtod should not use strlen. bwitz at hotmail dot com - Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. Stas - Fixed bug 72135 Integer Overflow in phphtmlentities. Stas GD: - Fixed bug 72227 imagescale out-of-bounds...

Bime: Urgent: attacker can access every data source on Bime

Vulnerability details I don't include words like "urgent" in my title very often, but I thought you might want to get onto this right away. An attacker can access the data source of any other customer on the BIME platform through the /cubemodels.json endpoint. This leaks, for example, the login...

Fedora 24 : php-5.6.21-1.fc24 (2016-f4e73663f4)

28 Apr 2016, PHP 5.6.21 Core: Fixed bug 69537 debugInfo with empty string for key gives error. krakjoe Fixed bug 71841 EGerrorzval is not handled well. Laruence BCmath: Fixed bug 72093 bcpowmod accepts negative scale and corrupts one definition. Stas Curl: Fixed bug 71831 CURLOPTNOPROXY applied a...

Fedora 23 : php-5.6.21-1.fc23 (2016-f1d98cf017)

28 Apr 2016, PHP 5.6.21 Core: Fixed bug 69537 debugInfo with empty string for key gives error. krakjoe Fixed bug 71841 EGerrorzval is not handled well. Laruence BCmath: Fixed bug 72093 bcpowmod accepts negative scale and corrupts one definition. Stas Curl: Fixed bug 71831 CURLOPTNOPROXY applied a...

SQL Injection

Overview Affected versions of sequelize cast arrays to strings and fail to properly escape the resulting SQL statement, resulting in a SQL injection vulnerability. Proof of Concept In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly...

CakePHP 2.8.3, 3.0.18, 3.1.13 and 3.2.6 Released

CakePHP 2.8.3, 3.0.18, 3.1.13 and 3.2.6 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 2.8.3, 3.0.18, 3.1.13, and 3.2.6. These releases contain security fixes. 3.2.6 and 2.8.3 also contain bugfixes. Security Fixes These releases fix a weakness in...

CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released

CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5. These releases contain security fixes. 3.2.5 and 2.8.2 also contain bugfixes. Security Fixes These...

PostgreSQL CREATE LANGUAGE Execution

Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the "untrusted" version of the language is necessary. This...

ManageEngine EventLog Analyzer - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine EventLog Analyzer Remote Code Execution', 'Description' = %q This module exploits a SQL query functionality in...

ManageEngine EventLog Analyzer Remote Code Execution Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine EventLog Analyzer Remote Code Execution', 'Description' = %q...

ManageEngine EventLog Analyzer Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine EventLog Analyzer Remote Code Execution', 'Description' = %q This module exploits a SQL query functionality in...

ManageEngine EventLog Analyzer Remote Code Execution

This module exploits a SQL query functionality in ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions. Every authenticated user, including the default "guest" account can execute SQL queries directly on the underlying Postgres database server. The queries are executed as the...

ManageEngine EventLog Analyzer 10.6 build 10060 - SQL Execution

ManageEngine EventLog Analyzer 10.6 build 10060 - SQL Execution Exploit Title: ManageEngine EventLog Analyzer SQL query execution Product: ManageEngine EventLog Analyzer Vulnerable Versions: v10.6 build 10060 and previous versions Tested Version: v10.6 build 10060 Windows Advisory Publication:...

ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution

Exploit Title: ManageEngine EventLog Analyzer SQL query execution Product: ManageEngine EventLog Analyzer Vulnerable Versions: v10.6 build 10060 and previous versions Tested Version: v10.6 build 10060 Windows Advisory Publication: 14/09/2015 Vulnerability Type: authenticated SQL query execution...

FreeBSD : php5 -- multiple vulnerabilities (cdff0af2-1492-11e5-a1cf-002590263bf5)

The PHP project reports : DOM and GD : - Fixed bug 69719 Incorrect handling of paths with NULs. FTP : - Improved fix for bug 69545 Integer overflow in ftpgenlist resulting in heap overflow. CVE-2015-4643 Postgres : - Fixed bug 69667 segfault in phppgsqlmetadata. CVE-2015-4644 %NASLMINLEVEL 70300 ...

UBUNTU-CVE-2015-4644

The phppgsqlmetadata function in pgsql.c in the PostgreSQL aka pgsql extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service NULL pointer dereference and...

php5 -- multiple vulnerabilities

The PHP project reports: DOM and GD: Fixed bug 69719 Incorrect handling of paths with NULs. FTP: Improved fix for bug 69545 Integer overflow in ftpgenlist resulting in heap overflow. CVE-2015-4643 Postgres: Fixed bug 69667 segfault in phppgsqlmetadata. CVE-2015-4644...

Fedora 20 : php-5.5.24-1.fc20 (2015-6399)

16 Apr 2015, PHP 5.5.24 Apache2handler : - Fixed bug 69218 potential remote code execution with apache 2.4 apache2handler. Gerrit Venema Core : - Fixed bug 66609 php crashes with get and ++ operator in some cases. Dmitry, Laruence - Fixed bug 67626 User exceptions not properly handled in streams...

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The gda2-postgres package for the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Fedora 21 : php-5.6.8-1.fc21 (2015-6407)

16 Apr 2015, PHP 5.6.8 Core : - Fixed bug 66609 php crashes with get and ++ operator in some cases. Dmitry, Laruence - Fixed bug 68021 getbrowser browsernameregex returns non-utf-8 characters. Tjerk - Fixed bug 68917 parseurl fails on some partial urls. Wei Dai - Fixed bug 69134 Per Directory...