Lucene search

601 matches found

OpenVAS
added 2009/10/10 12:0 a.m. | 35 views

SLES9: Security update for PHP4

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: mod_php4-core php4-exif php4-imap php4 php4-mbstring mod_php4-servlet php4-mysql php4-servlet php4-fastcgi php4-session php4-devel apache-mod_php4 apache2-mod_ph...

2.6 CVSS | 6.5 AI score | 0.02729 EPSS
Exploits 0
Tenable Nessus
added 2009/07/21 12:0 a.m. | 48 views

openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-61)

This update of php5 fixes: - possible stack-based buffer overflow (CVE-2008-2050) - incomplete escapeshellcmd (CVE-2008-2051) - printf integer overflow (CVE-2008-1384) - insecure GENERATE_SEED macro (CVE-2008-2107) - timezone update for DST in Pakistan...

10 CVSS | 7.2 AI score | 0.05782 EPSS
Exploits 4 | References 9
Tenable Nessus
added 2009/04/23 12:0 a.m. | 36 views

Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : php5 vulnerabilities (USN-720-1)

It was discovered that PHP did not properly enforce php_admin_value and php_admin_flag restrictions in the Apache configuration file. A local attacker could create a specially crafted PHP script that would bypass intended security restrictions. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8....

10 CVSS | 7.7 AI score | 0.29698 EPSS
Exploits 9 | References 11
Tenable Nessus
added 2009/04/23 12:0 a.m. | 38 views

Mandriva Linux Security Advisory : php (MDVSA-2009:021)

A buffer overflow in the imageloadfont function in PHP allowed context-dependent attackers to cause a denial of service (crash) and potentially execute arbitrary code via a crafted font file (CVE-2008-3658). A buffer overflow in the memnstr function allowed context-dependent attackers to cause a deni...

7.5 CVSS | 8 AI score | 0.16468 EPSS
Exploits 9 | References 4
OpenVAS
added 2009/04/15 12:0 a.m. | 46 views

RedHat Security Advisory RHSA-2009:0338

The remote host is missing updates announced in advisory RHSA-2009:0338. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP scrip...

10 CVSS | 0.7 AI score | 0.29698 EPSS
Exploits 13 | References 2
RedHat Linux
added 2009/04/14 5:14 p.m. | 2 views

php: FastCGI module DoS via multiple dots preceding the extension

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php...

5 CVSS | 7.2 AI score | 0.1412 EPSS
Exploits 1 | References 4
CentOS
added 2009/04/07 12:21 p.m. | 83 views

php security update

CentOS Errata and Security Advisory CESA-2009:0338. Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting languag...

10 CVSS | 7.3 AI score | 0.29698 EPSS
Exploits 13 | References 7
RedHat Linux
added 2009/04/06 4:45 p.m. | 1 views

php: FastCGI module DoS via multiple dots preceding the extension

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php...

5 CVSS | 7.2 AI score | 0.1412 EPSS
Exploits 1 | References 4
RedHat Linux
added 2009/04/06 4:34 p.m. | 2 views

php: FastCGI module DoS via multiple dots preceding the extension

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php...

5 CVSS | 7.2 AI score | 0.1412 EPSS
Exploits 1 | References 4
RedHat Linux
added 2009/04/06 4:34 p.m. | 57 views

Moderate: Red Hat Security Advisory: php security update

Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...

10 CVSS | 7.3 AI score | 0.29698 EPSS
Exploits 13 | References 7
OpenVAS
added 2009/02/16 12:0 a.m. | 30 views

Fedora Update for lighttpd FEDORA-2008-2262

Check for the Version of lighttpd. OpenVAS Vulnerability Test: Fedora Update for lighttpd FEDORA-2008-2262. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...

5 CVSS | 7.5 AI score | 0.04634 EPSS
Exploits 1 | References 2
Ubuntu
added 2009/02/12 7:13 p.m. | 101 views

USN-720-1: PHP vulnerabilities

It was discovered that PHP did not properly enforce php_admin_value and php_admin_flag restrictions in the Apache configuration file. A local attacker could create a specially crafted PHP script that would bypass intended security restrictions. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8....

10 CVSS | 7.7 AI score | 0.29698 EPSS
Exploits 8
securityvulns
added 2009/01/30 12:0 a.m. | 172 views

Oracle Application Server Portal 10g Cross Site Scripting Vulnerability

OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environment for accessing and interacting with enterprise software services and information resources. A vulnerability has been identified in Oracle Application Server 10g, This could b...

1 AI score
Exploits 0
Packet Storm
added 2009/01/29 12:0 a.m. | 22 views

Oracle AS Portal Cross Site Scripting

Oracle AS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environment for accessing and interacting with enterprise software services and information resources. A vulnerability has been identified in Oracle Application Server 10g, This could ...

7.4 AI score
Exploits 0
OpenVAS
added 2009/01/26 12:0 a.m. | 44 views

Mandrake Security Advisory MDVSA-2009:021 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:021. OpenVAS Vulnerability Test $Id: mdksa2009021.nasl 6573 2017-07-06 13:10:50Z cfischer $. Description: Auto-generated from advisory MDVSA-2009:021 (php). Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc...

7.5 CVSS | 0.8 AI score | 0.16468 EPSS
Exploits 9
Tenable Nessus
added 2008/12/05 12:0 a.m. | 154 views

PHP 5 < 5.2.7 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is prior to 5.2.7. It is, therefore, affected by multiple vulnerabilities: - There is a buffer overflow flaw in the bundled PCRE library that allows a denial of service attack (CVE-2008-2371). - Multiple directory traversal...

10 CVSS | 8.4 AI score | 0.29698 EPSS
Exploits 19 | References 27
Tenable Nessus
added 2008/11/17 12:0 a.m. | 236 views

GLSA-200811-05 : PHP: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200811-05 (PHP: Multiple vulnerabilities). Several vulnerabilities were found in PHP: PHP ships a vulnerable version of the PCRE library which allows for the circumvention of security restrictions or even for remote code execution i...

10 CVSS | 8.6 AI score | 0.3769 EPSS
Exploits 21 | References 15
seebug.org
added 2008/10/08 12:0 a.m. | 32 views

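PHP FastCGI Module File Extension Denial of Service Vulnerability

BUGTRAQ ID: 31612 CVE ID: CVE-2008-3660 CNCVE ID: CNCVE-20083660 PHP FastCGI is a module used to improve PHP performance. PHP FastCGI does not correctly handle certain file requests, and remote attackers can exploit the vulnerability to carry out a denial-of-service attack against the application. 1. An overflow exists in ext/gd's imageloadfont function. 2. An overflow exists in PHP's internal memnstr function, which is exported to user space as the explode function. These functions receive user-supplied data in some webapps and can be exploited remotely. S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard...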

5 CVSS | 8.5 AI score | 0.1412 EPSS
Exploits 1
Debian
added 2008/10/07 6:52 a.m. | 30 views

[SECURITY] [DSA 1647-1] New php5 packages fix several vulnerabilities

Debian Security Advisory DSA-1647-1 | [email protected] | http://www.debian.org/security/ | Thijs Kinkhorst | October 07, 2008 | http://www.debian.org/security/faq ...

7.5 CVSS | 7.7 AI score | 0.16468 EPSS
Exploits 2
Tenable Nessus
added 2008/10/07 12:0 a.m. | 33 views

Debian DSA-1647-1 : php5 - several vulnerabilities

Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2008-3658: Buffer overflow in the imageloadfont function allows a denial of service or code execution...

7.5 CVSS | 7.7 AI score | 0.16468 EPSS
Exploits 2 | References 10