10 matches found
EUVD-2008-5784
Malware in sbrugna...
Cross site scripting
Cross-site scripting XSS vulnerability in PHP, possibly 5.2.7 and earlier, when displayerrors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208...
php security update
CentOS Errata and Security Advisory CESA-2006:0501-02 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
Moderate: Red Hat Security Advisory: php security update
Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server...
php security update
CentOS Errata and Security Advisory CESA-2006:0276 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
Moderate: Red Hat Security Advisory: php security update
Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...
USN-261-1: PHP vulnerabilities
Stefan Esser discovered that the 'session' module did not sufficiently verify the validity of the user-supplied session ID. A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP Response Splitting forging of...
Mandrake Linux Security Advisory : php (MDKSA-2006:028)
Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function. CVE-2006-0207 Multiple cross-site...
CVE-2006-0208
Multiple cross-site scripting XSS vulnerabilities in PHP 4.4.1 and 5.1.1, when displayerrors and htmlerrors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message...
CVE-2006-0208
The CVE-2006-0208 entry affects PHP 4.4.1 and 5.1.1, where enabling display_errors and html_errors allows remote attackers to inject arbitrary script/HTML via unsafely echoed inputs in error messages. Public-advisory details (from connected docs) indicate this class of XSS vulnerabilities is tied...