Debian DSA-1578-1 : php4 - several vulnerabilities
Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-3799 The session_start function allows remote attackers to insert arbitrary attributes int...
Debian DSA-1572-1 : php5 - several vulnerabilities
Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-3806 The glob function allows context-dependent attackers to cause a denial of service and possibly...
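PHP 5.2.6 fixes multiple security vulnerabilities
BUGTRAQ ID: 29009 CVECAN ID: CVE-2008-0599 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. Versions of PHP before 5.2.6 contain multiple security vulnerabilities that allow malicious users to bypass security restrictions, cause a denial of service, or compromise a vulnerable system. 1 A security vulnerability in the FastCGI SAPI may lead to a stack overflow. 2 A security vulnerability exists in the handling of incomplete multibyte characters in escapeshellcmd. 3 An error in cURL may allow safemode restrictions to be bypassed. 4 A boundary condition error in PCRE may allow malicious users to cause a denial of service or compromise a vulnerable system. PHP 5.2.6 PHP ---...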
CVE-2008-2051
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."...
Design/Logic Flaw
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."...
CVE-2008-2051
CVE-2008-2051 concerns the PHP escapeshellcmd() function before 5.2.6 and its handling of incomplete multibyte characters. Publicly available documents identify affected PHP versions prior to 5.2.6 and describe the issue in the context of multiple advisories (e.g., RHSA-2008:0544/0545, Oracle Lin...
EUVD-2004-0541
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via 1 the "%", "|", or "" characters to the escapeshellcmd function, or 2 the "%"...
PHP for Windows all version shell filtering bug
Subject: PHP for Windows all version shell filtering bug Product: PHP for Windows all versions 4.3.1, 4.2.3, 3.0.17 tested with Windows 2000 SP3 all fixes + IIS Vendor: php.net Risk: High for affected systems Remote: Yes Author: 3APA3A [email protected] Intro: PHP is scripting language used...