openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0645-1)

This php5 update fixes : - CVE-2011-0421: CVSS v2 Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P: Input Validation CWE-20 - CVE-2011-1092: CVSS v2 Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P: Numeric Errors CWE-189 - CVE-2011-1148: CVSS v2 Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P: Resource Managemen...

openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0645-1)

This php5 update fixes : - CVE-2011-0421: CVSS v2 Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P: Input Validation CWE-20 - CVE-2011-1092: CVSS v2 Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P: Numeric Errors CWE-189 - CVE-2011-1148: CVSS v2 Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P: Resource Managemen...

PHP 5.3 < 5.3.6 Multiple Vulnerabilities

PHP is prone to multiple vulnerabilities. Copyright C 2012 NopSec Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...

HP/HPE System Management Homepage (SMH) Multiple Vulnerabilities (HPSBMU02764)

HP/HPE System Management Homepage SMH is prone to multiple vulnerabilities. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

Debian Security Advisory DSA 2408-1 (php5)

The remote host is missing an update to php5 announced via advisory DSA 2408-1. OpenVAS Vulnerability Test $Id: deb24081.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2408-1 php5 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Debian DSA-2408-1 : php5 - several vulnerabilities

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2011-1072 It was discovered that insecure handling of temporary files in the PEAR installer could lead to denial of service. -...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7553)

This update for PHP5 fixes the following security issues : - Input Validation in the ZIP extension and NumberFormatter. CWE-20, CVE-2011-0421 / CVE-2011-1470 / CVE-2011-1467 - Numeric Errors in the SHM support and ZIP extension. CWE-189, CVE-2011-1092 / CVE-2011-1471 - Buffer overflows in the...

SuSE 11.1 Security Update : PHP5 (SAT Patch Number 4663)

This PHP5 update fixes : - CVE-2011-0421: CVSS v2 Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P: Input Validation CWE-20 - CVE-2011-1092: CVSS v2 Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P: Numeric Errors CWE-189 - CVE-2011-1148: CVSS v2 Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P: Resource Managemen...

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 / 11.04 : php5 regressions (USN-1126-2)

USN 1126-1 fixed several vulnerabilities in PHP. The fix for CVE-2010-4697 introduced an incorrect reference counting regression in the Zend engine that caused the PHP interpreter to segfault. This regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS. The fixes for CVE-2011-1072 and CVE-2011-11...

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 / 11.04 : php5 vulnerabilities (USN-1126-1)

Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. CVE-2011-0441 Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite...

Mandriva Update for php MDVSA-2011:052 (php)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVE-2011-1464

CVE-2011-1464 affects PHP prior to 5.3.6. It is described as a buffer overflow in the strval function triggered when the precision configuration option has a large value, potentially causing a denial of service (application crash) with a small numeric argument. Affected product: PHP (versions bef...