SUSE CVE-2007-1718

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the 1 Subject or 2 To parameter, as demonstrat...

Fedora Update for php FEDORA-2007-455

Check for the Version of php OpenVAS Vulnerability Test Fedora Update for php FEDORA-2007-455 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of th...

Fedora Update for php FEDORA-2007-526

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Gentoo Security Advisory GLSA 200705-19 (php)

The remote host is missing updates announced in advisory GLSA 200705-19. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Debian: Security Advisory (DSA-1282-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 6.06 LTS / 6.10 / 7.04 : php5 vulnerabilities (USN-455-1)

Stefan Esser discovered multiple vulnerabilities in the 'Month of PHP bugs'. The substrcompare function did not sufficiently verify its length argument. This might be exploited to read otherwise unaccessible memory, which might lead to information disclosure. CVE-2007-1375 The shared memory shmop...

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3289)

This Update fixes numerous vulnerabilities in PHP. Most of them were made public during the 'Month of PHP Bugs'. The vulnerabilities potentially lead to crashes, information leaks or even execution of malicious code. CVE-2007-1380, CVE-2007-0988, CVE-2007-1375, CVE-2007-1454 CVE-2007-1453,...

Important: php security update

5.1.6-12.el5 - add security fix for CVE-2007-1864, SOAP redirect handling issue, FTP CRLF injection issue 235016 5.1.6-11.el5 - add security fix for CVE-2007-1718 235016 5.1.6-9.el5 - add security fix for CVE-2007-1583 235016 - add security fixes for CVE-2007-0455, CVE-2007-1001 235036 5.1.6-7.el...

USN-455-1: PHP vulnerabilities

Stefan Esser discovered multiple vulnerabilities in the "Month of PHP bugs". The substrcompare function did not sufficiently verify its length argument. This might be exploited to read otherwise unaccessible memory, which might lead to information disclosure. CVE-2007-1375 The shared memory shmop...

[SECURITY] [DSA 1282-1] New php4 packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1282-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 26th, 2006 http://www.debian.org/security/faq -...

DSA-1282-1 php4

Bulletin has no description...

Important: Red Hat Security Advisory: php security update

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

Moderate: Red Hat Security Advisory: php security update

Updated PHP packages that fix several security issues are now available for Red Hat Application Stack v1.1. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web serve...

Important: php security update

4.3.9-3.22.4 - add security fixes for CVE-2007-1285, CVE-2007-1286, CVE-2007-1583, CVE-2007-1711, CVE-2007-1718 230556 - add security fixes for CVE-2007-0455, CVE-2007-1001 235028...

CVE-2007-1718

CVE-2007-1718 is a CRLF injection vulnerability in PHP’s mail() function. The bug occurs when a subject or To header contains a control sequence after folding (notably a "\r\n\t\n"-like sequence) due to the SKIP_LONG_HEADER_SEP macro, allowing remote attackers to inject arbitrary email headers an...