PHP 4.x,5.2.6 dba_replace函数拒绝服务漏洞

No description provided by source...

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-862-1)

Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dbareplace function. If a script passed untrusted input to the dbareplace function, an attacker could truncate the database. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and 8.10. CVE-2008-7068 It was...

USN-862-1: PHP vulnerabilities

Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dbareplace function. If a script passed untrusted input to the dbareplace function, an attacker could truncate the database. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and 8.10. CVE-2008-7068 It was...

Mandriva Linux Security Advisory : php (MDVSA-2009:247)

Multiple vulnerabilities was discovered and corrected in php : The dbareplace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service file truncation via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the...

PHP 4.x, 5.2.6 DoS Vulnerability

PHP is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

CVE-2008-7068

The dbareplace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service file truncation via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have...

CVE-2008-7068

Summary: CVE-2008-7068 affects PHP (notably PHP 5.2.6 and 4.x). The root cause is a flaw in the dba_replace function that allows context-dependent attackers to cause a denial of service via a key containing a NULL byte. The impact is described as file truncation under limited circumstances where ...

CVE-2008-7068

The dbareplace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service file truncation via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have...

FreeBSD : php -- ini database truncation inside dba_replace() function (1e8031be-4258-11de-b67a-0030843d3802)

securityfocus research reports : A bug that leads to the emptying of the INI file contents if the database key was not found exists in PHP dba extension in versions 5.2.6, 4.4.9 and earlier. Function dbareplace are not filtering strings key and value. There is a possibility for the destruction of...

SecurityReason : PHP 5.2.6 dba_replace() destroying file

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SecurityReason.com PHP 5.2.6 dbareplace destroying file Author: Maksymilian Arciemowicz http://securityreason.com Date: - - Written: 10.11.2008 - - Public: 28.11.2008 SecurityReason Research SecurityAlert Id: 58 SecurityRisk: Medium Affected Software:...

PHP dba_replace() DoS

It's possible to destroy ini-file content...

php526-destroy.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SecurityReason.com PHP 5.2.6 dbareplace destroying file Author: Maksymilian Arciemowicz http://securityreason.com Date: - - Written: 10.11.2008 - - Public: 28.11.2008 SecurityReason Research SecurityAlert Id: 58 SecurityRisk: Medium Affected Software:...

php -- ini database truncation inside dba_replace() function

securityfocus research reports: A bug that leads to the emptying of the INI file contents if the database key was not found exists in PHP dba extension in versions 5.2.6, 4.4.9 and earlier. Function dbareplace are not filtering strings key and value. There is a possibility for the destruction of...