10 matches found
PHP POST File Upload PHP GLOBALS Variable Overwrite Security Bypass - Ver2 (CVE-2005-3390)
A security bypass vulnerability has been reported in PHP. A remote attacker could exploit this vulnerability via a multipart/form-data POST request with a "GLOBALS" fileupload field. Successful exploitation of this vulnerability could allow a remote attacker to bypass security protections of PHP...
Joomla! < 1.0.11 Unspecified Remote Code Execution
The version of Joomla! installed on the remote host is affected by a remote code execution vulnerability in the includes/PEAR/PEAR.php script. An unauthenticated, remote attacker can exploit this to execute arbitrary code, subject to the privileges of the web server user ID. Note that successful...
SUSE-SA:2005:069: php4,php5
The remote host is missing the patch for the advisory SUSE-SA:2005:069 php4,php5. Updated PHP packages fix the following security issues: - Stefan Esser found out that a bug in parse_str could lead to activation of register_globals (CVE-2005-3389) and additionally that file uploads could overwrite...
RHEL 3 / 4 : php (RHSA-2005:831)
Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...
Fedora Core 3 : php-4.3.11-2.8 (2005-1061)
This update includes several security fixes: - fixes to prevent malicious requests from overwriting the GLOBALS array (CVE-2005-3390) - a fix to stop the parse_str function from enabling the register_globals setting (CVE-2005-3389) - fixes for Cross-Site Scripting flaws in the phpinfo output...
RHEL 2.1 : php (RHSA-2005:838)
Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. ...
php security update
CentOS Errata and Security Advisory CESA-2005:1110-001. Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded...
php security update
CentOS Errata and Security Advisory CESA-2005:838-01. Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
Moderate: Red Hat Security Advisory: php security update
Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...
CVE-2005-3390
CVE-2005-3390 : The RFC1867 file upload feature in PHP 4.x (up to 4.4.0) and PHP 5.x (up to 5.0.5) can be exploited when register_globals is enabled to modify the GLOBALS array via a multipart/form-data POST with a field named “GLOBALS,” bypassing PHP application protections. This remote-access i...