CVE-2026-40997

Several Spring WS integration paths with Spring Security could surface detailed account state for example locked or disabled user semantics to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview UmbracoForms is a tool that makes creating contact forms, entry forms and questionnaires just as easy as using Word. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the dynamic SOAP client generation...

UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation

Impact Within Umbraco Forms, configuring a malicious URL on the Webservice data source can result in Remote Code Execution. This affects all Umbraco Forms versions running on .NET Framework up to and including version 8. Patches The affected Umbraco Forms versions are all End-of-Life EOL and not...

BIT-LIBPHP-2021-21702 Null Dereference in SoapClient

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash...

activemq:activemq (=1.1), activemq:activemq-optional (=3.2) +53 more potentially affected by CVE-2023-51441 via axis:axis (>=1.2 <=1.3)

axis:axis MAVEN version =1.2, =1.2.5, =4.0, =1.6, =1.1, =1.0.0, =1.0.0, =1.0.0, =1.1.3 and more Source cves: CVE-2023-51441 Source advisory: OSV:GHSA-HR2C-P8RH-238H...

SUSE CVE-2015-4147

The SoapClient::call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that defaultheaders is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a...

SUSE CVE-2016-3185

The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service type confusion and application crash via crafted...

Fixed CVE-2021-21702 in php

CVE-2021-21702: Fix null pointer dereference in Soap Client...

CLSA-2022-1659638964 Fixed CVE-2021-21702 in php

CVE-2021-21702: Fix null pointer dereference in Soap Client...

CLSA-2022-1659637689 Fixed CVE-2021-21702 in php

CVE-2021-21702: fix null pointer dereference in Soap Client...

The vulnerability of the soapclient::__call method in the PHP language interpreter allows a hacker to execute arbitrary code.

The vulnerability of the soapclient::call method in the PHP language interpreter is related to an error in data processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CLSA-2022-1643747494 Fix of CVE: CVE-2020-7071, CVE-2020-7068, CVE-2020-7069, CVE-2020-7070, CVE-2021-21702

CVE-2020-7068: php: Use of freed hash key in the pharparsezipfile function - CVE-2020-7069: php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV - CVE-2020-7070: php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server -...

php: NULL pointer dereference in SoapClient

A NULL pointer dereference issue is in the SOAP extension of PHP. More specifically, the flaw occurs in the SoapClient when parsing a WSDL document due to improper checking of a child node name. A malicious or compromised server replies with a crafted WSDL document, leading to a denial of service...

activemq:activemq (=1.1), activemq:activemq-optional (=3.2) +325 more potentially affected by CVE-2012-5784 via axis:axis (>=1.2 <=1.4)

axis:axis MAVEN version =1.2, =1.2.5, =1.1.0, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2012-5784 Source advisory: OSV:GHSA-55W9-C3G2-4RRH...

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A buffer overflow flaw was found in the PHP 'soap' extension, regarding the handling of an HTTP redirect response when using the SOAP client provided by this extension with an untrusted SOAP server...

php: type confusion issue in Soap Client call() method

The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service NULL pointer dereference, type confusion, and application crash or possibly execute...

The vulnerability of the PHP interpreter allows attackers to trigger a service failure or execute arbitrary code.

The vulnerability of the SoapClient component implementation in the PHP interpreter is related to errors in data type mixing. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures or execute arbitrary code resulting in the termination of the applicatio...

Ubuntu 15.10 : php5 regression (USN-2952-2)

USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem. We apologize for the inconvenience. It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A...

USN-2952-2: PHP regression

USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the PHP Zip extension incorrectly handled directories when...

PHP Denial of Service Vulnerability (CNVD-2016-02638)

PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A denial of service vulnerability exists in PHP's Soap client. A remote attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code...