
54 matches found

Tenable Nessus
added 2010/08/24 12:0 a.m. | 48 views

Fedora 12 : maniadrive-1.2-22.fc12 / php-5.3.3-1.fc12 / php-eaccelerator-0.9.6.1-2.fc12 (2010-11428)

Update to PHP 5.3.3. Security Enhancements and Fixes in PHP 5.3.3: Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531). Fixed a possible resource destruction issues in shm_put_var(). Fixed a possible information leak because of...

CVSS: 7.5 | AI score: 8.8 | EPSS: 0.07996
Exploits: 6 | References: 14
NVD
added 2010/08/20 8:0 p.m. | 24 views

CVE-2010-3065

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...

CVSS: 5 | AI score: 9.4 | EPSS: 0.00425
Exploits: 1 | References: 7
Prion
added 2010/08/20 8:0 p.m. | 16 views

Default configuration

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...

CVSS: 5 | AI score: 7 | EPSS: 0.00425
Exploits: 1 | References: 7 | Affected Software: 1
OSV
added 2010/08/06 12:0 a.m. | 33 views

DSA-2089-1 php5 - several vulnerabilities

Bulletin has no description...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.02187
Exploits: 3
Tenable Nessus
added 2010/08/04 12:0 a.m. | 185 views

PHP 5.2 < 5.2.14 Multiple Vulnerabilities

According to its banner, the version of PHP 5.2 installed on the remote host is older than 5.2.14. Such versions may be affected by several security issues: - An error exists when processing invalid XML-RPC requests that can lead to a NULL pointer dereference (bug 51288, CVE-2010-0397). - An error...

CVSS: 9.3 | AI score: 8.9 | EPSS: 0.10452
Exploits: 19 | References: 16
OpenVAS
added 2010/07/30 12:0 a.m. | 58 views

Mandriva Update for php MDVSA-2010:139 (php)

Check for the Version of php. OpenVAS Vulnerability Test: Mandriva Update for php MDVSA-2010:139 (php). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.07996
Exploits: 3 | References: 2
securityvulns
added 2008/08/01 12:0 a.m. | 53 views

DEV WMS Multiple Vulnerabilities

Script: DEV WMS; Type: Multiple Vulnerabilities (Local file inclusion / Cross Site Scripting / SQL Injection); Alert: High; Discovered by: Khashayar Fereidani Or Dr.Cra...

Exploits: 0
Packet Storm
added 2008/07/31 12:0 a.m. | 30 views

devwms-lfisqlxss.txt

Script: DEV WMS; Type: Multiple Vulnerabilities (Local file inclusion / Cross Site Scripting / SQL Injection); Alert: High; Discovered by: Khashayar Fereidani Or Dr.Cra...

AI score: 7.4
Exploits: 0
securityvulns
added 2007/12/02 12:0 a.m. | 52 views

[Full-disclosure] two bytehoard bugs

Application: Bytehoard Versions: 2.1 alpha to epsilon Release Date: 2007-11-26 Author: Ernesto Alvarez / Activesec SA Kudos to: Rodrigo Seguel / Activesec SA for suggesting the session destruction approach Contact info: ealvarez at activesec biz Developer response: None. No response to mail, foru...

AI score: 8.1
Exploits: 0
Packet Storm
added 2007/11/27 12:0 a.m. | 33 views

bytehoard-multi.txt

Application: Bytehoard Versions: 2.1 alpha to epsilon Release Date: 2007-11-26 Author: Ernesto Alvarez / Activesec SA Kudos to: Rodrigo Seguel / Activesec SA for suggesting the session destruction approach Contact info: ealvarez at activesec biz Developer response: None. No response to mail, foru...

AI score: 7.4
Exploits: 0
seebug.org
added 2007/09/19 12:0 a.m. | 15 views

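saforum injection vulnerability

saforum is a version of the saforum forum modified by Chinese security researchers, but a small flaw in the code may allow administrator privileges to be obtained: \include\common.php line 4149 introduces an unfiltered variable ------cut----------------- if(getenv('HTTP_CLIENT_IP')) $onlineip = getenv('HTTP_CLIENT_IP'); elseif(getenv('HTTP_X_FORWARDED_FOR')) $onlineip = getenv('HTTP_X_FORWARDED_FOR'); elseif(getenv('REMOTE_ADDR')) $onlineip =...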

AI score: 7.1
Exploits: 0
securityvulns
added 2007/07/03 12:0 a.m. | 77 views

[Full-disclosure] POWER PHLOGGER v.2.2.5 (username) SQL Injection

POWER PHLOGGER v.2.2.5 username SQL Injection Author: Attila Gerendi Darkz Date: June 25, 2007 Package: POWER PHLOGGER http://www.phpee.com/ Versions Affected: v.2.2.5 Other versions may also be affected Severity: SQL Injection Description: Input passed to the "username" parameter in "login.php"...

AI score: 0.6
Exploits: 0
OpenVAS
added 2005/11/03 12:0 a.m. | 14 views

IlohaMail Arbitrary File Access via Session Variable Vulnerability

The target is running at least one instance of IlohaMail version 0.7.11 or earlier. Such versions contain a flaw in the processing of the session variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user, provided the filesystem backend is in use...

AI score: 7.5
Exploits: 0 | References: 1
OpenVAS
added 2005/11/03 12:0 a.m. | 13 views

IlohaMail Arbitrary File Access via Session Variable Vulnerability

The target is running at least one instance of IlohaMail version 0.7.11 or earlier. Such versions contain a flaw in the processing of the session variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user, provided the filesystem backend is in use...

AI score: 0.2
Exploits: 0 | References: 1