[Full-disclosure] PHP 5.2.6 chdir(), ftok() (standard ext) safe_mode bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.6 chdir,ftok standard ext safemode bypass Author: Maksymilian Arciemowicz cXIb8O3 securityreason.com Date: - - Written: 10.05.2008 - - Public: 17.06.2008 SecurityReason Research SecurityAlert Id: 55 CVE: CVE-2008-2666 CWE: CWE-264 SecurityRisk...

Debian DSA-1572-1 : php5 - several vulnerabilities

Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3806 The glob function allows context-dependent attackers to cause a denial of service and possibly...

PHP 5 php_sprintf_appendstring()函数整数溢出漏洞

BUGTRAQ ID: 28392 CVECAN ID: CVE-2008-1384 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP formattedprint.c文件的printf函数存在整数溢出漏洞，能够执行PHP脚本的攻击者可能利用此漏洞提升权限。 在formattedprint.c文件的phpsprintfappendstring函数中： - ---formattedprint.c-start--- inline static void phpsprintfappendstringchar buffer, int pos, int siz...

tk security update

CentOS Errata and Security Advisory CESA-2008:0136 Updated tk packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 22 February 2008 The packages in this...

Debian: Security Advisory (DSA-860-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-1412-1 : ruby1.9 - programming error

Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5162 It was discovered that the Ruby HTTPS module performs insufficient validation of SSL certificates, whic...

[SECURITY] [DSA 1412-1] New ruby1.9 packages fix insecure SSL certificate validation

------------------------------------------------------------------------ Debian Security Advisory DSA-1412-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 24, 2007 http://www.debian.org/security/faq -...

DSA-1412-1 ruby1.9 - possible man-in-the-middle attacks

Bulletin has no description...

Moderate: Red Hat Security Advisory: ruby security update

Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. An SSL certifica...

[SECURITY] Fedora 7 Update: ruby-1.8.6.110-1.fc7

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

[SECURITY] Fedora Core 6 Update: ruby-1.8.5.113-1.fc6

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

RHEL 3 : php (RHSA-2007:0889)

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server...

Mandrake Linux Security Advisory : php (MDKSA-2007:187)

Numerous vulnerabilities were discovered in the PHP scripting language that are corrected with this update. An integer overflow in the substrcompare function allows context-dependent attackers to read sensitive memory via a large value in the length argument. This only affects PHP5 CVE-2007-1375....

PHP 4.4.7/5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass

Affected Products: Philip Olausson Reported: 2007-06-05 Released: 2007-08-30 CVE: CVE-2007-3997 Issue: A vulnerability exists in PHP's MySQL and MySQLi extenstions which can be used to bypass PHP's safemode security restriction. Description: PHP is a widely-used general-purpose scripting language...

php524-basedir.txt

Application: PHP dll . / Bug: openbasedir bypass & code exec & denial of service/some people call this as a buffer overflow , but it's a denial of service./ special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept ...

PHP < 5.2.4 setlocale() denial of service

Application: PHP 5.2.4 Web Site: http://php.net Platform: unix Bug: denial of service fonction: setlocale special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Greets 5 Credits =========== 1 Introduction...

Debian DSA-1331-1 : php4 - several vulnerabilities

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0207 Stefan Esser discovered HTTP respons...

Modify the PHP core Backdoor implementation-vulnerability warning-the black bar safety net

Developing A PHP Core Backdoor Author: wofeiwo/I non-I wofeiwoatgmaildotcom Directory 1Foreword 2The advantages and disadvantages of 3design 4functions to achieve 5reference to documents 6some description 1Foreword PHP is a very popular web server side script language. At present, many web...

PT-2007-4304 · Php · Php

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.2.3 Description: The issue allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. This might also involve the realpath function...

Debian DSA-1296-1 : php4 - missing input sanitising

It was discovered that the ftp extension of PHP, a server-side, HTML-embedded scripting language performs insufficient input sanitising, which permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server. %NASLMINLEVEL 70300 C Tenable...