php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()

An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash...

php: ArrayIterator use-after-free due to object change during sorting

A use-after-free flaw was found in the way PHP handled certain ArrayIterators. A malicious script author could possibly use this flaw to disclose certain portions of server memory...

OpenPNE vulnerable to PHP Object Injection

Overview OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability. Egidio Romano of Secunia reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote,...

php: hash table collisions CPU usage DoS (oCERT-2011-003)

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

php: FastCGI module DoS via multiple dots preceding the extension

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service crash via a request with multiple dots preceding the extension, as demonstrated using foo..php...

PHP parse_str() arbitrary variable overwrite

Title: PHP parsestr arbitrary variable overwrite Vendor: http://www.php.net/ Advisory: http://www.acid-root.new.fr/advisories/14070612.txt Author: DarkFig gmdarkfig at gmail dot com Written on: 2007/06/12 Released on: 2007/06/12 Risk level: Medium / High I.BACKGROUND Quote from php.net PHP is a...

PT-2007-4161 · Abc · Abc Excel Parser Pro

Name of the Vulnerable Software and Affected Versions: ABC Excel Parser Pro version 4.0 Description: A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the parser path parameter. Recommendations: For ABC Excel Parser Pro version 4.0, consider restricting...

security flaw

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors...

security flaw

Buffer overflow in the exifreaddata function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file...