EUVD-2012-0834

Malware in sbrugna...

EUVD-2007-3197

Malware in sbrugna...

The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

...

SUSE CVE-2012-0807

Stack-based buffer overflow in the suhosinencryptsinglecookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long...

Mageia: Security Advisory (MGASA-2014-0430)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1633-1)

This update of PHP5 brings several security fixes. Security fixes : - CVE-2015-6831: A use after free vulnerability in unserialize has been fixed which could be used to crash php or potentially execute code. bnc942291 bnc942294 bnc942295 - CVE-2015-6832: A dangling pointer in the unserialization ...

JShielder - LAMP/LEMP Secure Deployment

JSHielder is an Open Source tool developed to help SysAdmin and developers secure there Linux Servers in which they will be deploying any web application. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux server with little...

CVE-2007-3205

The parsestr function in 1 PHP, 2 Hardened-PHP, and 3 Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the...

Gentoo Security Advisory GLSA 201412-10

Gentoo Linux Local Security Checks GLSA 201412-10 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

SUSE-SU-2015:1633-1 Security update for php5

This update of PHP5 brings several security fixes. Security fixes: CVE-2015-6831: A use after free vulnerability in unserialize has been fixed which could be used to crash php or potentially execute code. bnc942291 bnc942294 bnc942295 CVE-2015-6832: A dangling pointer in the unserialization of...

Multiple packages, Multiple vulnerabilities fixed in 2012

Background For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Description Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. EGroupware VTE Layer Four...

Updated php packages fix security vulnerabilities

An integer overflow flaw in PHP's unserialize function was reported. If unserialize were used on untrusted data, this issue could lead to a crash or potentially information disclosure CVE-2014-3669. A heap corruption issue was reported in PHP's exifthumbnail function. A specially-crafted JPEG ima...

openSUSE Security Update : php5 (openSUSE-SU-2014:1133-1)

php5 was updated to fix three security issues : - Insecure temporary file use for cache data was fixed by switching to a different root only directory /var/cache/php-pear CVE-2014-5459 - An incomplete fix for CVE-2014-4049 CVE-2014-3597 - gd extension: NUL byte injection in filenames passed to...

Immunity Canvas: CVE_2014_5460

Name| CVE20145460 ---|--- CVE| CVE-2014-5460 Exploit Pack| CANVAS Description| CVE-2014-5460 Notes| CVE Name: CVE-2014-5460 VENDOR: Tribulant Changelog: https://wordpress.org/plugins/slideshow-gallery/changelog/ Notes: If the Suhosin-Patch is installed typically announced in the PHP banner the...

PHP Secure Configuration Checker - Check current PHP configuration for potential security flaws

Among the most tedious tasks of PHP security testing is the check for insecure PHP configuration. As a successor of our PHP Security Poster, we have created a script to help system administrators as well as security professionals to assess the state of php.ini and related topics as quickly and as...

WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability

No description provided by source. !/usr/bin/ruby Exploit Title: WordPress Count per Day 3.2.5 CSRF Google Dork: inurl:/wp-content/plugins/count-per-day Date: 18.03.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage:...

[ MDVSA-2014:087 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:087 http://www.mandriva.com/en/support/security/ Package : php Date : May 15, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in php: PHP FPM in PHP...

Mandriva Linux Security Advisory : php (MDVSA-2014:087)

A vulnerability has been discovered and corrected in php : PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user CVE-2014-0185. The updated php...

MGASA-2014-0215 Updated php packages fix CVE-2014-0185

Updated php packages fix security vulnerability: PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user CVE-2014-0185. Additionally updated...

Updated php packages fix CVE-2014-0185

Updated php packages fix security vulnerability: PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user CVE-2014-0185. Additionally updated...