security flaw
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a...
Important: Red Hat Security Advisory: php security update
Updated php packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. Stefan Esser discovered a flaw when memory_limit configuration setting is enabled in versions of PHP 4 before 4.3.8. If a remote attacker...
CVE-2004-0594
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a...
PT-2004-1690 · Php · Php
Name of the Vulnerable Software and Affected Versions: PHP versions 4.3.7 and prior; PHP versions 5.0.0RC3 and prior. Description: The issue allows remote attackers to execute arbitrary code under certain conditions, such as when register globals is enabled. This is achieved by triggering a memory...
[Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: PHP memory_limit remote vulnerability Release Date: 2004/07/14 Last Modified: 2004/07/14 Author: Stefan Esser Application: PHP <= 4.3.7 PHP5 <= 5.0.0RC3 Severity: A...
php -- memory_limit related vulnerability
Stefan Esser of e-matters discovered a condition within PHP that may lead to remote execution of arbitrary code. The memory_limit facility is used to notify functions when memory constraints have been met. Under certain conditions, the entry into this facility is able to interrupt functions such as...
RHEL 2.1 : php (RHSA-2002:214)
PHP versions up to and including 4.2.2 contain vulnerabilities in the mail function, allowing local script authors to bypass safe mode restrictions and possibly allowing remote attackers to insert arbitrary mail headers or content. Updated 13 Jan 2003 Added fixed packages for the Itanium IA64...
CVE-1999-1518
Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults...