EUVD-2011-4029

Malware in sbrugna...

Gentoo Security Advisory GLSA 201209-03 (php)

The remote host is missing updates announced in advisory GLSA 201209-03. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Mandriva Update for php MDVSA-2011:166 (php)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mandriva Linux Security Advisory : php (MDVSA-2011:166)

A vulnerability has been identified and fixed in php : The isa function in PHP 5.3.7 and 5.3.8 triggers a call to the autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR...

CVE-2011-4078

include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service resource consumption and inbox outage, via a Subject header containing only a URL, a related issue to...

CVE-2011-3379

The isa function in PHP 5.3.7 and 5.3.8 triggers a call to the autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders...

Sql injection

include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service resource consumption and inbox outage, via a Subject header containing only a URL, a related issue to...

CVE-2011-4078

include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service resource consumption and inbox outage, via a Subject header containing only a URL, a related issue to...

CVE-2011-3379

CVE-2011-3379 : The is_a() function in PHP 5.3.7/5.3.8 can trigger __autoload, enabling remote attackers to execute arbitrary code by supplying a crafted URL and abusing unsafe autoloaders in certain PEAR packages. The issue is tied to PHP’s autoload behavior and the is_a() path, with public advi...

Fedora 14 : php-5.3.8-3.fc14 (2011-13458)

Revert isa behavior to php = 5.3.6 and add a new new option allowstring for the new behavior accept string and raise autoload if needed Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatical...

Fedora Update for php FEDORA-2011-13458

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora 15 : php-5.3.8-3.fc15 (2011-13446)

Revert isa behavior to php = 5.3.6 and add a new new option allowstring for the new behavior accept string and raise autoload if needed Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatical...