4 matches found
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3754)
The following issues have been fixed : - missing openbasedir and safemode restriction. CVE-2007-3007 - chunksplit integer overflow. CVE-2007-2872 - DoS condition in libgd's image processing. CVE-2007-2756 - possible super-global overwrite inside importrequestvariables. CVE-2007-1396 - buffer...
openSUSE 10 Security Update : php5 (php5-3753)
The following issues have been fixed in PHP, which were spotted by the MOPB project or fixed in PHP 5.2.3 release : - missing openbasedir and safemode restriction CVE-2007-3007 - chunksplit integer overflow CVE-2007-2872 - DoS condition in libgd's image processing CVE-2007-2756 - possible...
CVE-2007-1396
The CVE-2007-1396 entry describes a vulnerability in PHP where import_request_variables (PHP 4.0.7–4.4.6 and 5.x before 5.2.2) can overwrite superglobals (GET, POST, COOKIE, FILES, SERVER, SESSION, etc.) when called without a prefix, enabling remote attackers to spoof source IP and Referer data a...
CVE-2007-1396
The importrequestvariables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the 1 GET, 2 POST, 3 COOKIE, 4 FILES, 5 SERVER, 6 SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address a...