
80 matches found

Tenable Nessus
added 2019/08/12 12:0 a.m. · 40 views

Fedora 29 : php (2019-f07db8f031)

PHP version 7.2.21 01 Aug 2019 Date: - Fixed bug php69044 discrepancy between time and microtime. krakjoe EXIF: - Fixed bug php78256 heap-buffer-overflow on exif_process_user_comment. CVE-2019-11042 Stas - Fixed bug php78222 heap-buffer-overflow on exif_scan_thumbnail. CVE-2019-11041 Stas Fileinfo: -...

7.1 CVSS · 6.5 AI score · 0.03811 EPSS
Exploits: 2 · References: 3
CVE
added 2019/06/12 1:49 p.m. · 95 views

CVE-2019-0985

CVE-2019-0985 is a remote code execution vulnerability in Microsoft Speech API (SAPI) triggered by text-to-speech input. The issue arises when TTS content invoked via scripting is processed in memory, potentially allowing arbitrary code execution in the context of the current user. How it is expl...

7.8 CVSS · 7.7 AI score · 0.15526 EPSS
Exploits: 0 · References: 2 · Affected Software: 2
Tenable Nessus
added 2019/01/09 12:0 a.m. · 84 views

PHP 5.6.x < 5.6.13 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.13. It is, therefore, affected by multiple vulnerabilities : - Multiple use-after-free memory errors exist related to the unserialize function, which a remote attacker can exploit to execute arbitra...

9.8 CVSS · 9.4 AI score · 0.35455 EPSS
Exploits: 8 · References: 7
Mageia
added 2017/12/01 11:13 p.m. · 20 views

Updated php-phpmailer packages fix security vulnerability

Debugoutput wasn't set in constructor according to SAPI in use, resulting in potential XSS in default debug output...

2.7 AI score
Exploits: 0 · References: 2
Tenable Nessus
added 2016/08/17 12:0 a.m. · 28 views

Scientific Linux Security Update : php on SL7.x x86_64 (20160811) (httpoxy)

Security Fixes : - It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. CVE-2016-5385 Bug Fix...

8.1 CVSS · 6.8 AI score · 0.80902 EPSS
Exploits: 0 · References: 2
OpenVAS
added 2016/08/13 12:0 a.m. · 31 views

CentOS Update for php CESA-2016:1613 centos7

Check the version of php SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882542";...

8.1 CVSS · 6.8 AI score · 0.80902 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2016/08/12 12:0 a.m. · 52 views

RHEL 7 : php (RHSA-2016:1613) (httpoxy)

An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

8.1 CVSS · 6.8 AI score · 0.80902 EPSS
Exploits: 0 · References: 3
RedHat Linux
added 2016/08/11 10:10 p.m. · 35 views

Moderate: Red Hat Security Advisory: php security and bug fix update

An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

8.1 CVSS · 6.7 AI score · 0.80902 EPSS
Exploits: 0 · References: 3
OSV
added 2016/06/21 12:0 a.m. · 0 views

UBUNTU-CVE-2015-8935

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging ...

6.1 CVSS · 6.7 AI score · 0.01115 EPSS
Exploits: 0 · References: 3
Tenable Nessus
added 2015/04/23 12:0 a.m. · 237 views

PHP 5.5.x < 5.5.24 Multiple Vulnerabilities

According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.24. It is, therefore, affected by multiple vulnerabilities : - An unspecified use-after-free error exists in the zend_shared_memdup function within file ext/opcache/zend_shared_alloc.c that allows an...

10 CVSS · 8 AI score · 0.38958 EPSS
Exploits: 18 · References: 16
Tenable Nessus
added 2014/05/12 12:0 a.m. · 37 views

Fedora 19 : php-5.5.12-1.fc19 (2014-5984)

Notice: to fix CVE-2014-0185 this version change default php-fpm unix domain socket permission to 660 instead of 666. Check your configuration if php-fpm use UDS default configuration use a network socket. Upstream Changelog: 01 May 2014, PHP 5.5.12 Core : - Fixed bug 61019 Out of memory on comma...

7.2 CVSS · 8.1 AI score · 0.00109 EPSS
Exploits: 1 · References: 4
Tenable Nessus
added 2014/05/06 12:0 a.m. · 27 views

Fedora 20 : php-5.5.12-1.fc20 (2014-5960)

Notice: to fix CVE-2014-0185 this version change default php-fpm unix domain socket permission to 660 instead of 666. Check your configuration if php-fpm use UDS default configuration use a network socket. Upstream Changelog: 01 May 2014, PHP 5.5.12 Core : - Fixed bug 61019 Out of memory on comma...

7.2 CVSS · 8.1 AI score · 0.00109 EPSS
Exploits: 1 · References: 4
Tenable Nessus
added 2013/10/01 12:0 a.m. · 66 views

RHEL 5 : php53 (RHSA-2013:1307)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1307 advisory. - php: paths with NULL character were considered valid CVE-2006-7243 - PHP: sapi_header_op %0D sequence handling security bypass CVE-2011-1398...

10 CVSS · 7.9 AI score · 0.32676 EPSS
Exploits: 9 · References: 23
RedHat Linux
added 2013/09/30 8:30 p.m. · 1 views

PHP: sapi_header_op() %0D sequence handling security bypass

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...

4.3 CVSS · 5.9 AI score · 0.07905 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2012/09/07 12:0 a.m. · 2 views

PT-2012-5362 · Microsoft +3 · Internet Explorer +3

Name of the Vulnerable Software and Affected Versions: PHP versions 5.4.0RC2 through 5.4.0 Description: The issue arises from the sapi_header_op function in main/SAPI.c, which fails to properly determine a pointer during checks for %0D sequences, allowing remote attackers to bypass an HTTP...

4.3 CVSS · 6.2 AI score · 0.02187 EPSS
Exploits: 2 · References: 13
Prion
added 2012/08/30 10:55 p.m. · 23 views

Design/Logic Flaw

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...

4.3 CVSS · 6.9 AI score · 0.07905 EPSS
Exploits: 0 · References: 10 · Affected Software: 1
UbuntuCve
added 2012/08/30 12:0 a.m. · 31 views

CVE-2011-1398

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...

4.3 CVSS · 5.9 AI score · 0.07905 EPSS
Exploits: 0 · References: 5
Tenable Nessus
added 2012/07/03 12:0 a.m. · 31 views

Fedora 16 : maniadrive-1.2-32.fc16.6 / php-5.3.14-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.6 (2012-9762)

The PHP development team would like to announce the immediate availability of PHP 5.3.14. All users of PHP are encouraged to upgrade to PHP 5.3.14. The release fixes multiple security issues: A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension. PHP 5.3.14...

7.5 CVSS · 8.1 AI score · 0.23918 EPSS
Exploits: 1 · References: 8
securityvulns
added 2012/02/22 12:0 a.m. · 46 views

PHP 5.2.x Remote Code Execution Vulnerability

Release Date: 17 February 2012 Affected Versions: 5.2.0 - 5.2.17 unsupported version ------------------------------------------------------------------------------------------ Description: If PHP bails out in startup stage before setting PGmodulesactivated to 1, the filterglobals struct is not...

0.6 AI score
Exploits: 0
seebug.org
added 2011/04/28 12:0 a.m. · 8 views

PHP <5.2.7 SAPI php_getuid() Safe Mode Restriction Bypass Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0