2 matches found
Mandrake Linux Security Advisory : php (MDKSA-2006:074)
A cross-site scripting XSS vulnerability in phpinfo info.c in PHP = 5.1.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including 1 a large number of dimensions or 2 long values, which prevents HTML tags from being removed. CVE-2006-0996 Directory...
CVE-2006-1608
CVE-2006-1608 affects PHP 4.4.2 and 5.1.2 where the copy() path in file.c can bypass safe_mode and read arbitrary files when the source argument contains a compress.zlib:// URI. The issue is local to the attacker’s host and allows reading of files via the compress.zlib path. Connected advisories ...