5 matches found
Fedora 8 : php-Smarty-2.6.20-2.fc8 (2008-9401)
Sun Nov 2 2008 Christopher Stone 2.6.20-2 - Add security patch bz 469648 - Add RHL dist tag conditional for Requires - Mon Oct 13 2008 Christopher Stone 2.6.20-1 - Upstream sync Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
CVE-2008-4810
The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and 1 a dollar-sign character, aka "php executed in templates;" and 2 a double quoted literal string, aka a "function...
Code injection
The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and 1 a dollar-sign character, aka "php executed in templates;" and 2 a double quoted literal string, aka a "function...
CVE-2008-4810
The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and 1 a dollar-sign character, aka "php executed in templates;" and 2 a double quoted literal string, aka a "function...
Smarty 2.6.20 php injection
2008-10-22 числа Secunia.com была найдена уязвимость в функции expandquotedtext полный текст http://secunia.com/Advisories/32329/. Разработчики попытались исправить уязвимость как видно из их кода http://smarty-php.googlecode.com/svn/trunk/libs/SmartyCompiler.class.php путем экранированием символ...