Mageia: Security Advisory (MGASA-2014-0430)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2007-3205

The parsestr function in 1 PHP, 2 Hardened-PHP, and 3 Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the...

Gentoo Security Advisory GLSA 201412-10

Gentoo Linux Local Security Checks GLSA 201412-10 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Multiple packages, Multiple vulnerabilities fixed in 2012

Background For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Description Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. EGroupware VTE Layer Four...

Updated php packages fix security vulnerabilities

An integer overflow flaw in PHP's unserialize function was reported. If unserialize were used on untrusted data, this issue could lead to a crash or potentially information disclosure CVE-2014-3669. A heap corruption issue was reported in PHP's exifthumbnail function. A specially-crafted JPEG ima...

PHP Secure Configuration Checker - Check current PHP configuration for potential security flaws

Among the most tedious tasks of PHP security testing is the check for insecure PHP configuration. As a successor of our PHP Security Poster, we have created a script to help system administrators as well as security professionals to assess the state of php.ini and related topics as quickly and as...

CKEditor 4.0.1 - Multiple Vulnerabilities

CKEditor 4.0.1 - Multiple Vulnerabilities =========================================== Vulnerable Software: ckeditor 4.0.1 standard Download: http://download.cksource.com/CKEditor/CKEditor/CKEditor%204.0.1/ckeditor4.0.1standard.zip Vulns: Full Path Disclosure && XSS...

CVE-2012-0807

CVE-2012-0807 describes a stack-based buffer overflow in the suhosin_encrypt_single_cookie function of the Suhosin PHP extension (prior to 0.9.33) when suhosin.cookie.encrypt and suhosin.multiheader are enabled. An attacker could trigger the overflow by using a long string in a Set-Cookie header,...

Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow Release Date: 2012/01/19 Last Modified: 2012/01/19 Author: Stefan Esser stefan.esseratsektioneins.de...

Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow Release Date: 2012/01/19 Last Modified: 2012/01/19 Author: Stefan Esser stefan.esseratsektioneins.de...

Remote Code Execution in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Remote Code Execution. Component Type: TYPO3 Core Affected Versions: 4.5.0 up to 4.5.8, 4.6.0 and 4.6.1 + development releases of 4.7 branch Vulnerability Types: Remote Code Execution Overall Severity: Critical Release Date: December 16, 201...

Fedora 16 : phpMyAdmin-3.4.4-1.fc16 (2011-11477)

Changes for 3.4.4.0 2011-08-24 : - parser SQL parser breaks AJAX requests if query has unclosed quotes - parser Invalid escape sequence in SQL parser - config $cfg'Export''asfile' set to false does not select as Text option - export Working SQL query exports error page - interface 'Create an inde...

Fedora 15 : phpMyAdmin-3.4.4-1.fc15 (2011-11630)

Changes for 3.4.4.0 2011-08-24 : - parser SQL parser breaks AJAX requests if query has unclosed quotes - parser Invalid escape sequence in SQL parser - config $cfg'Export''asfile' set to false does not select as Text option - export Working SQL query exports error page - interface 'Create an inde...

Mandriva Update for php MDVA-2010:163 (php)

Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVA-2010:163 php Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

Mandriva Update for php MDVA-2010:163 (php)

Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVA-2010:163 php Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

MDVA-2010:163 : php

This is a maintenance update that upgrades php to the latest upstream versions for CS4/MES5/2008.0/2009.0/2009.1/2010.0. Additionally some of the third party extensions and required dependencies has been upgraded. Corporate Server 4.0 with php-5.1.6 had the old Hardening-Patch 0.4.14 applied...

PHP-Nuke 7.08.18.1.35 - Wormable Remote Code Execution

PHP-Nuke 7.08.18.1.35 - Wormable Remote Code Execution !/usr/bin/php ?php / Wormable Remote Code Execution in PHP-Nuke 7.0/8.1/8.1.35newist as of release Vendor's Website:http://phpnuke.org/ Secuirty Researcher: Michael Brooks https://sitewat.ch Original Advisory:...

PHP-Nuke 7.0 / 8.1 / 8.1.35 Wormable Remote Code Execution

!/usr/bin/php ?php / Wormable Remote Code Execution in PHP-Nuke 7.0/8.1/8.1.35newist as of release Vendor's Website:http://phpnuke.org/ Secuirty Researcher: Michael Brooks https://sitewat.ch Original Advisory: http://blog.sitewat.ch/2010/05/vulnerabilities-in-php-nuke.html Google hack: "Francisco...

Wormable Remote Code Execution in PHP-Nuke 7.0/8.1/8.1.35

No description provided by source. !/usr/bin/php ?php / Wormable Remote Code Execution in PHP-Nuke 7.0/8.1/8.1.35newist as of release Vendor's Website:http://phpnuke.org/ Secuirty Researcher: Michael Brooks https://sitewat.ch Original Advisory:...

SLES10: Security update for PHP5

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-modphp5 php5 php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-dbase php5-devel php5-dom php5-exif php5-fastcgi php5-ftp php5-gd...