6 matches found
PHP Session Data Deserialization Arbitrary Code Execution Vulnerability
PHP is prone to an arbitrary code execution vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescriptio...
Gentoo Security Advisory GLSA 200705-19 (php)
The remote host is missing updates announced in advisory GLSA 200705-19. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Ubuntu 6.06 LTS / 6.10 / 7.04 : php5 vulnerabilities (USN-455-1)
Stefan Esser discovered multiple vulnerabilities in the 'Month of PHP bugs'. The substrcompare function did not sufficiently verify its length argument. This might be exploited to read otherwise unaccessible memory, which might lead to information disclosure. CVE-2007-1375 The shared memory shmop...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3289)
This Update fixes numerous vulnerabilities in PHP. Most of them were made public during the 'Month of PHP Bugs'. The vulnerabilities potentially lead to crashes, information leaks or even execution of malicious code. CVE-2007-1380, CVE-2007-0988, CVE-2007-1375, CVE-2007-1454 CVE-2007-1453,...
USN-455-1: PHP vulnerabilities
Stefan Esser discovered multiple vulnerabilities in the "Month of PHP bugs". The substrcompare function did not sufficiently verify its length argument. This might be exploited to read otherwise unaccessible memory, which might lead to information disclosure. CVE-2007-1375 The shared memory shmop...
CVE-2007-1700
CVE-2007-1700 describes a vulnerability in PHP where the session extension pre-4.4.5 (and pre-5.2.1) incorrectly calculates the session variable reference count, failing to account for the internal pointer in the session globals. This can allow context-dependent attackers to execute arbitrary cod...