11 matches found
SOL13231 - PHP vulnerability CVE-2009-2626
In PHP 5.3.0 and PHP 5.2.10 and earlier, the zendrestoreinientrycb function in zendini.c allows context-specific attackers to obtain sensitive information memory contents and causes PHP to fail by using the iniset function to declare a variable, and then using the inirestore function to restore t...
SuSE 11 Security Update : PHP5 (SAT Patch Number 1978)
This update of PHP5 fixes : - CVE-2008-5624: CVSS v2 Base Score: 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P : Permissions, Privileges, and Access Control CWE-264 - CVE-2008-5625: CVSS v2 Base Score: 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P : Permissions, Privileges, and Access Control CWE-264 - Cross-Site...
openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-1993)
This update of php5 fixes: CVE-2008-5624: CVSS v2 Base Score: 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P: Permissions, Privileges, and Access Control CWE-264 CVE-2008-5625: CVSS v2 Base Score: 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P: Permissions, Privileges, and Access Control CWE-264 CVE-2008-5814: CVSS v2...
openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-1993)
This update of php5 fixes: CVE-2008-5624: CVSS v2 Base Score: 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P: Permissions, Privileges, and Access Control CWE-264 CVE-2008-5625: CVSS v2 Base Score: 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P: Permissions, Privileges, and Access Control CWE-264 CVE-2008-5814: CVSS v2...
openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-1993)
This update of php5 fixes: CVE-2008-5624: CVSS v2 Base Score: 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P: Permissions, Privileges, and Access Control CWE-264 CVE-2008-5625: CVSS v2 Base Score: 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P: Permissions, Privileges, and Access Control CWE-264 CVE-2008-5814: CVSS v2...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-882-1)
Maksymilian Arciemowicz discovered that PHP did not properly handle the inirestore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. CVE-2009-2626 It was discovered that the htmlspecialchars...
Gentoo Security Advisory GLSA 201001-03 (php)
The remote host is missing updates announced in advisory GLSA 201001-03. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
CVE-2009-2626
The CVE-2009-2626 issue affects PHP 5.3.0, 5.2.10 and earlier, where zend_restore_ini_entry_cb in zend_ini.c allows a context-specific attacker to cause memory disclosure and PHP crashes by abusing ini_set and ini_restore. Connected advisories confirm this as a vulnerability in PHP’s ini_restore(...
PHP ini_restore()内存信息泄露漏洞
BUGTRAQ ID: 36009 CVE ID: CVE-2009-2626 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 在使用inirestore函数重置PHP配置环境时PG类中的变量会显示任意部分的内存。如果要利用这个漏洞,攻击者必须要通过iniset函数声明变量。 - ---zendini.c--- static int zendrestoreinientrycbzendinientry inientry, int stage TSRMLSDC / / if inientry-modified if inientry-onmodify...
[SECURITY] [DSA-1940-1] New php5 packages fix several issues
------------------------------------------------------------------------ Debian Security Advisory DSA-1940-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 25, 2009 http://www.debian.org/security/faq -...
[SECURITY] [DSA-1940-1] New php5 packages fix several issues
------------------------------------------------------------------------ Debian Security Advisory DSA-1940-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 25, 2009 http://www.debian.org/security/faq -...