EUVD-2008-1862

Malware in sbrugna...

CVE-2018-19836

In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers including the Cookie header, and common.inc.php allows registering variables from the $COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such ...

FreeBSD : php -- _ecalloc Integer Overflow Vulnerability (e329550b-54f7-11db-a5ae-00508d6a62df)

Stefan Esser reports : The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overfl...

Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHP unserialize Array Creation Integer Overflow Release Date: 2006/10/09 Last Modified: 2006/10/09 Author: Stefan Esser [email protected] Application: PHP 5 = 5.1.6, PHP...

php -- _ecalloc Integer Overflow Vulnerability

Stefan Esser reports: The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overflo...

security flaw

phpvariables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via 1 GET, 2 POST, or 3 COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length...

CVE-2004-0958

phpvariables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via 1 GET, 2 POST, or 3 COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length...