47 matches found
UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation
Impact Within Umbraco Forms, configuring a malicious URL on the Webservice data source can result in Remote Code Execution. This affects all Umbraco Forms versions running on .NET Framework up to and including version 8. Patches The affected Umbraco Forms versions are all End-of-Life EOL and not...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview UmbracoForms is a tool that makes creating contact forms, entry forms and questionnaires just as easy as using Word. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the dynamic SOAP client generation...
BIT-LIBPHP-2021-21702 Null Dereference in SoapClient
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash...
activemq:activemq (=1.1), activemq:activemq-optional (=3.2) +53 more potentially affected by CVE-2023-51441 via axis:axis (>=1.2 <=1.3)
axis:axis MAVEN version =1.2, =1.2.5, =4.0, =1.6, =1.1, =1.0.0, =1.0.0, =1.0.0, =1.1.3 and more Source cves: CVE-2023-51441 Source advisory: OSV:GHSA-HR2C-P8RH-238H...
SUSE CVE-2015-4147
The SoapClient::call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that defaultheaders is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a...
SUSE CVE-2016-3185
The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service type confusion and application crash via crafted...
Fixed CVE-2021-21702 in php
CVE-2021-21702: Fix null pointer dereference in Soap Client...
CLSA-2022-1659638964 Fixed CVE-2021-21702 in php
CVE-2021-21702: Fix null pointer dereference in Soap Client...
CLSA-2022-1659637689 Fixed CVE-2021-21702 in php
CVE-2021-21702: fix null pointer dereference in Soap Client...
CLSA-2022-1643747494 Fix of CVE: CVE-2020-7071, CVE-2020-7068, CVE-2020-7069, CVE-2020-7070, CVE-2021-21702
CVE-2020-7068: php: Use of freed hash key in the pharparsezipfile function - CVE-2020-7069: php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV - CVE-2020-7070: php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server -...
php: NULL pointer dereference in SoapClient
A NULL pointer dereference issue is in the SOAP extension of PHP. More specifically, the flaw occurs in the SoapClient when parsing a WSDL document due to improper checking of a child node name. A malicious or compromised server replies with a crafted WSDL document, leading to a denial of service...
activemq:activemq (=1.1), activemq:activemq-optional (=3.2) +325 more potentially affected by CVE-2012-5784 via axis:axis (>=1.2 <=1.4)
axis:axis MAVEN version =1.2, =1.2.5, =1.1.0, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2012-5784 Source advisory: OSV:GHSA-55W9-C3G2-4RRH...
Arbitrary Code Execution
php is vulnerable to arbitrary code execution. A buffer overflow flaw was found in the PHP 'soap' extension, regarding the handling of an HTTP redirect response when using the SOAP client provided by this extension with an untrusted SOAP server...
php: type confusion issue in Soap Client call() method
The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service NULL pointer dereference, type confusion, and application crash or possibly execute...
Ubuntu 15.10 : php5 regression (USN-2952-2)
USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem. We apologize for the inconvenience. It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A...
USN-2952-2: PHP regression
USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the PHP Zip extension incorrectly handled directories when...
PHP Denial of Service Vulnerability (CNVD-2016-02638)
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A denial of service vulnerability exists in PHP's Soap client. A remote attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code...
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2952-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2952-1 advisory. It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this...
USN-2952-1 php5 vulnerabilities
It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. CVE-2014-9767 It was discovered that the PHP Soap client incorrectly validated data types. A remote...
UBUNTU-CVE-2016-3185
The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service type confusion and application crash via crafted...