F5 Networks BIG-IP : Multiple PHP vulnerabilities (K13519)

PHP has been cited with the following multiple vulnerabilities, which may be locally exploitable on some F5 products : CVE-2006-7243 PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file...

openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0276-1)

php5 was updated to fix several security issues. CVE-2010-3709, CVE-2010-4150, CVE-2010-4645, CVE-2010-4697, CVE-2010-4698, CVE-2010-4699, CVE-2010-4700, CVE-2011-0752, CVE-2011-0753, CVE-2011-0755,CVE-2011-0708, CVE-2011-0420 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

PHP < 5.3.4 Multiple Vulnerabilities

PHP is prone to multiple vulnerabilities. Copyright C 2012 NopSec Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...

PHP 5.2 < 5.2.15 Multiple Vulnerabilities

PHP is prone to multiple vulnerabilities. Copyright C 2012 NopSec Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...

PHP Zend引擎释放后重用堆破坏漏洞(CVE-2010-4697)

BUGTRAQ ID: 45952 CVE ID: CVE-2010-4697 PHP是一种HTML内嵌式的语言，PHP与微软的ASP颇有几分相似，都是一种在服务器端执行的嵌入HTML文档的脚本语言，语言的风格有类似于C语言，现在被很多的网站编程人员广泛的运用。 PHP 5.2.15之前版本和5.3.4之前版本的Zend引擎中存在释放后重用漏洞，通过引用所访问对象上的use of set, get, isset和unset方法，攻击者可造成拒绝服务或其他攻击。 0 PHP 5.3.x PHP 5.2.x 厂商补丁： PHP ---...

Debian Security Advisory DSA 2408-1 (php5)

The remote host is missing an update to php5 announced via advisory DSA 2408-1. OpenVAS Vulnerability Test $Id: deb24081.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2408-1 php5 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Debian DSA-2408-1 : php5 - several vulnerabilities

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2011-1072 It was discovered that insecure handling of temporary files in the PEAR installer could lead to denial of service. -...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7393)

PHP5 was updated to fix several security issues. CVE-2010-4150 / CVE-2010-4645 / CVE-2010-4697 / CVE-2010-4698 / CVE-2010-4699 / CVE-2011-0708 / CVE-2011-0752 / CVE-2011-0753 / CVE-2011-0755 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 / 11.04 : php5 vulnerabilities (USN-1126-1)

Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. CVE-2011-0441 Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite...

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 / 11.04 : php5 regressions (USN-1126-2)

USN 1126-1 fixed several vulnerabilities in PHP. The fix for CVE-2010-4697 introduced an incorrect reference counting regression in the Zend engine that caused the PHP interpreter to segfault. This regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS. The fixes for CVE-2011-1072 and CVE-2011-11...

USN-1126-2: PHP Regressions

USN 1126-1 fixed several vulnerabilities in PHP. The fix for CVE-2010-4697 introduced an incorrect reference counting regression in the Zend engine that caused the PHP interpreter to segfault. This regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS. The fixes for CVE-2011-1072 and CVE-2011-11...

openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0276-1)

php5 was updated to fix several security issues. CVE-2010-3709, CVE-2010-4150, CVE-2010-4645, CVE-2010-4697, CVE-2010-4698, CVE-2010-4699, CVE-2010-4700, CVE-2011-0752, CVE-2011-0753, CVE-2011-0755,CVE-2011-0708, CVE-2011-0420 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

SuSE 11.1 Security Update : PHP5 (SAT Patch Number 4133)

PHP5 was updated to fix several security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell, Inc. if NASLLEVEL 3000 exit0;...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7375)

php5 was updated to fix several security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. if NASLLEVEL 3000 exit0; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid53285; scriptversion"1.7";...

CVE-2010-4697

CVE-2010-4697 is a use-after-free vulnerability in the Zend engine of PHP, affecting PHP versions before 5.2.15 and 5.3.x before 5.3.4. The issue arises from how __set, __get, __isset, and __unset can be used on objects accessed by a reference, enabling heap memory corruption and potential denial...

CVE-2010-4697

Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service heap memory corruption or have unspecified other impact via vectors related to use of set, get, isset, and unset methods on objects...