Download
| Alert*
oval:org.secpod.oval:def:76810
The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified othe ... oval:org.secpod.oval:def:602213 Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-4598 thoger at redhat dot com discovered that paths containing a NUL character were improperly handled, thus allowing an attacker to manipulate unexpected files on the server. CVE-2015-4643 Max Spelsberg discovered an intege ... oval:org.secpod.oval:def:52590 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:109374 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:702772 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1200168 PHP process crashes when processing an invalid file with the "phar" extension. As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue oval:org.secpod.oval:def:1200107 PHP process crashes when processing an invalid file with the "phar" extension. As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue oval:org.secpod.oval:def:89045439 PHP was updated to fix two security issues. The following vulnerabilities were fixed: * CVE-2015-5589: PHP could be crashed when processing an invalid file with the phar extension with a segfault in Phar::convertToData, leading to Denial of Service * CVE-2015-5590: PHP could be crashed or have uns ... oval:org.secpod.oval:def:1200159 PHP process crashes when processing an invalid file with the "phar" extension. As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue oval:org.secpod.oval:def:504897 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary c ... |