412 matches found
PHP 5.1.6 - Mb_Parse_Str Function Register_Globals Activation
PHP 5.1.6 - MbParseStr Function RegisterGlobals Activation source: https://www.securityfocus.com/bid/23016/info PHP is prone to a weakness that allows attackers to enable the 'registerglobals' directive because the application fails to handle a memory-limit exception. Enabling the PHP...
PHP 5.1.6 - Mb_Parse_Str Function Register_Globals Activation
source: https://www.securityfocus.com/bid/23016/info PHP is prone to a weakness that allows attackers to enable the 'registerglobals' directive because the application fails to handle a memory-limit exception. Enabling the PHP 'registerglobals' directive may allow attackers to further exploit...
MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability
Summary The sessionregenerateid function that is used to generate a new session identifier fails to clear an already freed pointer to the former session identifier before calling the session identifier generator. When this generator triggers an error this can result in a double free that is easil...
MOPB-03-2007:PHP Variable Destructor Deep Recursion Stack Overflow
Summary The last vulnerability for today is similar to the second one. This time the bug is however a deep recursion bug in the Zend Engine variable destruction. User input is parsed in an iterative way which allows the creation of very deeply nested array structures from user input. However when...
SUSE-SA:2006:052: php4,php5
The remote host is missing the patch for the advisory SUSE-SA:2006:052 php4,php5. Various security problems have been fixed in the PHP script language engine and its modules, versions 4 and 5. The PHP4 updated packages were released on September 12, the PHP5 update packages were released on...
security flaw
Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memorylimit restriction...
security flaw
Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memorylimit restriction...
security flaw
The parsestr function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the registerglobals directive via inputs that cause a request to be terminated due to the memorylimit setting, which causes PHP to set an internal flag that...
security flaw
The parsestr function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the registerglobals directive via inputs that cause a request to be terminated due to the memorylimit setting, which causes PHP to set an internal flag that...
security flaw
The parsestr function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the registerglobals directive via inputs that cause a request to be terminated due to the memorylimit setting, which causes PHP to set an internal flag that...
php < 4.3.8
The remote host is running a version of PHP 4.3 which is older or equal to 4.3.7. PHP is a scripting language which acts as a module for Apache or as a standalone interpreter. There is a bug in the remote version of this software which may allow an attacker to execute arbitrary code on the remote...
php < 4.3.8
The remote host is running a version of PHP 4.3 which is older or equal to 4.3.7. There is a bug in the remote version of this software which may allow an attacker to execute arbitrary code on the remote host if the option memorylimit is set. Another bug in the function striptags may allow an...
[Full-disclosure] Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str()
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHP registerglobals Activation Vulnerability in parsestr Release Date: 2005/10/31 Last Modified: 2005/10/31 Author: Stefan Esser [email protected] Application: PHP4 =...
CVE-2004-0491
The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit...
CVE-2004-1191
Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages."...
PHP <= 4.3.7/ 5.0.0RC3 memory_limit Remote Exploit
Exploit for linux platform in category remote exploits ================================================== PHP = 4.3.7/ 5.0.0RC3 memorylimit Remote Exploit ================================================== / Remote exploit for the php memorylimit vulnerability found by Stefan Esser in php 4 = 4.3...
PHP 4.3.7/5.0.0RC3 - 'memory_limit' Remote Overflow
/ Remote exploit for the php memorylimit vulnerability found by Stefan Esser in php 4 include include include include include define IP "127.0.0.1" define PORT 80 int sock; struct sockaddrin s;...
Debian DSA-531-1 : php4 - several vulnerabilities
Two vulnerabilities were discovered in php4 : - CAN-2004-0594 The memorylimit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when registerglobals is enabled, allows remote attackers to execute arbitrary code by triggering a memorylimit abort during...
GLSA-200407-13 : PHP: Multiple security vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200407-13 PHP: Multiple security vulnerabilities Several security vulnerabilities were found and fixed in version 4.3.8 of PHP. The striptags function, used to sanitize user input, could in certain cases allow tags containing \0...
Mandrake Linux Security Advisory : php (MDKSA-2004:068)
"Stefan Esser discovered a remotely exploitable vulnerability in PHP where a remote attacker could trigger a memorylimit request termination in places where an interruption is unsafe. This could be used to execute arbitrary code. As well, Stefan Esser also found a vulnerability in the handling of...