12 matches found
SUSE CVE-2012-0830
The phpregistervariableex function in phpvariables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885...
CVE-2012-0830
The CVE-2012-0830 entry documents a memory corruption/remote code execution issue in PHP 5.3.9 related to an incorrect fix for CVE-2011-4885, caused by improper handling of a large number of input variables in php_register_variable_ex() within PHP’s php_variables.c. The vulnerability permits a re...
CVE-2012-0830
The phpregistervariableex function in phpvariables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885...
CVE-2012-0830
The phpregistervariableex function in phpvariables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885...
php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix
The phpregistervariableex function in phpvariables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885...
security flaw
Cross-site scripting XSS vulnerability in phpinfo info.c in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including 1 a large number of dimensions or 2 long values, which prevents HTML tags from being removed...
Path traversal
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array 1 hrow parameter to a show.php or b index.php; the 2 Lsnrow parameter to c showcat.php; or the 3 rows parameter to index.php...
CVE-2006-2278
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array 1 hrow parameter to a show.php or b index.php; the 2 Lsnrow parameter to c showcat.php; or the 3 rows parameter to index.php...
CVE-2006-2278
SaphpLesson 3.0 contains an input handling flaw: it does not initialize array variables, enabling an attacker to disclose the full filesystem path via non-array parameters. The affected vectors are (1) hrow to show.php or index.php; (2) Lsnrow to showcat.php; and (3) rows to index.php. This is a ...
security flaw
Cross-site scripting XSS vulnerability in phpinfo info.c in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including 1 a large number of dimensions or 2 long values, which prevents HTML tags from being removed...
Cross site scripting
Cross-site scripting XSS vulnerability in phpinfo info.c in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including 1 a large number of dimensions or 2 long values, which prevents HTML tags from being removed...
php codes injection in phpMyAdmin version 2.5.7.
Software : phpMyAdmin Version : 2.5.7 Vulnerability : php codes injection Problem-Type : remote user phpMyAdmin is web-based mysql administration written in PHP. There is a vulnerability in phpMyAdmin version 2.5.7. This vulnerability would allow remote user to inject php codes to be executed by...