9 matches found
Oracle: Security Advisory (ELSA-2007-0890)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 5 : Moderate: / php (ELSA-2007-0890)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0890 advisory. 5.1.6-15.el5 - improve fix for CVE-2007-3997 278411 5.1.6-14.el5 - fix backport for CVE-2007-3996 278411 5.1.6-13.el5 - add security fixes for...
Gentoo Security Advisory GLSA 200710-02 (php)
The remote host is missing updates announced in advisory GLSA 200710-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
FreeBSD Ports: php5
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Moderate: php security update
5.1.6-15.el5 - improve fix for CVE-2007-3997 278411 5.1.6-14.el5 - fix backport for CVE-2007-3996 278411 5.1.6-13.el5 - add security fixes for CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670 278411...
PHP 4.4.75.2.3 - MySQLMySQLi Safe_Mode Bypass
PHP 4.4.75.2.3 - MySQLMySQLi SafeMode Bypass Affected Products: Philip Olausson Reported: 2007-06-05 Released: 2007-08-30 CVE: CVE-2007-3997 Issue: A vulnerability exists in PHP's MySQL and MySQLi extenstions which can be used to bypass PHP's safemode security restriction. Description: PHP is a...
PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
No description provided by source. Affected Products: = PHP 5.2.3 = PHP 4.4.7 Authors: Mattias Bengtsson [email protected] Philip Olausson [email protected] Reported: 2007-06-05 Released: 2007-08-30 CVE: CVE-2007-3997 Issue: A vulnerability exists in PHP's MySQL and MySQLi extenstions which can be use...
PHP MySQL/MySQLi扩展绕过安全限制漏洞
CVECAN ID: CVE-2007-3997 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的MySQL和MySQLi扩展在处理畸形数据的SQL请求时,远程攻击者可能利用此漏洞执行SQL注入攻击。 PHP的MySQL和MySQLi扩展没有正确地处理包含有LOCAL INFILE的SQL查询请求,如果远程攻击者向安装了这些扩展的服务器提交了恶意SQL请求的话,就可以绕过openbasedir和safemode安全限制,执行非授权操作。请注意不要依赖于共享主机MySQLd local-infile=0选项,因为这个选项是服务器选项,因此不会影响客户...
CVE-2007-3997
CVE-2007-3997 affects the PHP MySQL and MySQLi extensions: PHP 4 before 4.4.8 and PHP 5 before 5.2.4 allow remote attackers to bypass open_basedir and safe_mode via MySQL LOCAL INFILE (demonstrated with LOAD DATA LOCAL INFILE). Impact is user-controlled file access bypass within affected PHP rele...