Download
| Alert*
oval:org.secpod.oval:def:5830
The host is installed with PHP 5.4.3 or earlier and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to handle crafted arguments that trigger incorrect handling of COM object VARIANT types. Successful exploitation allows remote attackers to execute arbitra ... oval:org.secpod.oval:def:1600278 Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function. oval:org.secpod.oval:def:701327 php5: HTML-embedded scripting language interpreter PHP could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:202333 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query ... oval:org.secpod.oval:def:8928 The host is installed with PHP 5.3.9 through 5.3.13 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to handle the openssl_encrypt function in ext/openssl/openssl.c. Successful exploitation allows remote attackers to obtain sensitive information ... oval:org.secpod.oval:def:701145 php5: HTML-embedded scripting language interpreter PHP could be made to expose sensitive information over the network. oval:org.secpod.oval:def:600830 The Phar extension for PHP does not properly handle crafted tar files, leading to a heap-based buffer overflow. PHP applications processing tar files could crash or, potentially, execute arbitrary code. In addition, this update addresses a regression which caused a crash when accessing a global obje ... oval:org.secpod.oval:def:600798 De Eindbazen discovered that PHP, when run with mod_cgi, will interpret a query string as command line parameters, allowing to execute arbitrary code. Additionally, this update fixes insufficient validation of upload name which lead to corrupted $_FILES indices. oval:org.secpod.oval:def:202365 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ... oval:org.secpod.oval:def:202252 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execu ... oval:org.secpod.oval:def:600723 Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code. oval:org.secpod.oval:def:600722 Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code. This update adds packages oval:org.secpod.oval:def:202269 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execu ... oval:org.secpod.oval:def:202331 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query ... oval:org.secpod.oval:def:1500206 Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:500840 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ... oval:org.secpod.oval:def:1500213 Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:601071 It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely. oval:org.secpod.oval:def:5831 The host is installed with PHP before 5.4.0 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to properly handle invalid [ (open square bracket) characters in name values. Successful exploitation allows attackers to cause a denial of service or cond ... oval:org.secpod.oval:def:600730 Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-1072 It was discoverd that insecure handling of temporary files in the PEAR installer could lead to denial of service. CVE-2011- ... oval:org.secpod.oval:def:500734 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execu ... oval:org.secpod.oval:def:202917 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially- ... oval:org.secpod.oval:def:202921 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially- ... oval:org.secpod.oval:def:105848 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:5756 The host is installed with PHP before 5.3.13 and 5.4.x before 5.4.3 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle query strings that lack an = (equals sign). Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:501401 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information ext ... oval:org.secpod.oval:def:1500734 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each v ... oval:org.secpod.oval:def:601707 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0207 Francisco Alonso of the Red Hat Security Response Team reported an incorrec ... oval:org.secpod.oval:def:203463 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information exte ... oval:org.secpod.oval:def:1500067 Updated php packages that fix three security issues, several bugs, and addvarious enhancements are now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System base scores,which give deta ... oval:org.secpod.oval:def:500978 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker co ... oval:org.secpod.oval:def:1500742 Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity rati ... oval:org.secpod.oval:def:6413 The host is installed with PHP before 5.3.15 or 5.4.0 before 5.4.5 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle the _php_stream_scandir function in the stream implementation. Successful exploitation has unknown impact and remote attack vector ... oval:org.secpod.oval:def:6412 The host is installed with PHP before 5.3.15 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to handle the SQLite functionality. Successful exploitation allows attackers to bypass the open_basedir protection mechanism via unspecified vectors. oval:org.secpod.oval:def:501396 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information extension processed ... oval:org.secpod.oval:def:1600089 A denial of service flaw was found in the way the File Information extension parsed certain Composite Document Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.acinclude.m4, as used in the configure script in PHP 5.5.13 ... oval:org.secpod.oval:def:202592 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker co ... oval:org.secpod.oval:def:701214 php5: HTML-embedded scripting language interpreter PHP could be made to expose sensitive information over the network. oval:org.secpod.oval:def:600866 Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2012-2688 A buffer overflow in the scandir function could lead to denial of service of the execution of arbitrary code. CVE-2012-3450 ... oval:org.secpod.oval:def:600983 Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-1635 If a PHP application accepted untrusted SOAP object input remotely from clients, an attacker could read system files readab ... oval:org.secpod.oval:def:203435 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information extension processed ... oval:org.secpod.oval:def:700999 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:6723 The host is installed with PHP before 5.3.14 or 5.4.x before 5.4.4 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted parameter value. Successful exploitation allows remote attackers to cause a denial of service (out-of-bounds read ... oval:org.secpod.oval:def:203382 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A denial of service flaw was found in the File Information extension rules for detec ... oval:org.secpod.oval:def:203389 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extensio ... oval:org.secpod.oval:def:1500666 Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed sev ... oval:org.secpod.oval:def:501353 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A denial of service flaw was found in the File Information extension rules for detec ... oval:org.secpod.oval:def:501357 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extensio ... oval:org.secpod.oval:def:501084 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially- ... oval:org.secpod.oval:def:500794 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query ... oval:org.secpod.oval:def:1600307 A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitra ... oval:org.secpod.oval:def:6404 The host is installed with PHP before 5.3.14 or 5.4.x before 5.4.4 and is prone to integer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted tar file. Successful exploitation allows remote attackers to cause a denial of service or possibly execute arbitrar ... oval:org.secpod.oval:def:5759 The host is installed with PHP before 5.3.13 and 5.4.x before 5.4.3 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle query strings that contain a %3D sequence but no = (equals sign) character. Successful exploitation coul ... oval:org.secpod.oval:def:5760 The host is installed with PHP before 5.3.13 and 5.4.x before 5.4.3 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle query strings that lack an = (equals sign). Successful exploitation could allow attackers to execute arb ... oval:org.secpod.oval:def:114459 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:108766 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:107838 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:1600318 The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse notBefore and notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service via a c ... oval:org.secpod.oval:def:1500320 Updated php packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detai ... oval:org.secpod.oval:def:108122 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:1500327 Updated php53 and php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed sever ... oval:org.secpod.oval:def:106851 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:106977 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:501134 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access res ... oval:org.secpod.oval:def:105764 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:108112 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:108476 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:107853 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:106480 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:1500340 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:108379 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:106517 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:1501042 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ... oval:org.secpod.oval:def:107162 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:107440 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:108375 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:107442 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:106262 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:601168 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-6420 Stefan Esser reported possible memory corruption in openssl_x509_parse. CVE-2 ... oval:org.secpod.oval:def:501161 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certifi ... oval:org.secpod.oval:def:501163 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certifi ... oval:org.secpod.oval:def:202996 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certifi ... oval:org.secpod.oval:def:202997 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certifi ... oval:org.secpod.oval:def:109133 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:107103 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:107108 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:108587 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:106162 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:106842 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:106969 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:107129 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:603231 Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11142 Denial of service via overly long form variables CVE-2017-11143 Invalid free in wddx_deserialize CVE-2017-11144 Denial of service in openssl extension due to incorrect return value ... oval:org.secpod.oval:def:601090 It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with insufficient CA-level checks, this could be ab ... oval:org.secpod.oval:def:500839 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ... oval:org.secpod.oval:def:202381 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ... oval:org.secpod.oval:def:700906 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1901711 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. oval:org.secpod.oval:def:1901713 An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to acce ... oval:org.secpod.oval:def:1901688 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. oval:org.secpod.oval:def:116731 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:1901698 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. oval:org.secpod.oval:def:116245 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:116119 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:116117 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:116238 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... |