601 matches found
PHP < 5.2.6 Multiple Vulnerabilities (Aug 2008)
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if(description)...
DSA-1647-1 php5 - several vulnerabilities
Bulletin has no description...
Gentoo Security Advisory GLSA 200502-21 (lighttpd)
The remote host is missing updates announced in advisory GLSA 200502-21. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Server side request forgery (ssrf)
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php...
CVE-2008-3660
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php...
CVE-2008-3660
CVE-2008-3660 affects PHP 4.4.x before 4.4.9 and 5.x up to 5.2.6 when used as a FastCGI module. A remote attacker can cause a denial of service (crash) by crafting a request with multiple dots before the extension (e.g., foo..php). The description explicitly demonstrates the condition and impact ...
CVE-2008-3660
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php...
Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : php5 vulnerabilities (USN-628-1)
It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. (CVE-2007-4782) Maksymilian Arciemowicz discovered a flaw in t...
USN-628-1: PHP vulnerabilities
It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. (CVE-2007-4782) Maksymilian Arciemowicz discovered a flaw in t...
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 5345)
This version upgrade of php5 to 5.2.6 fixes several security vulnerabilities. - Fixed possible stack-based buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin. - Fixed integer overflow in printf identified by Maksymilian Arciemowicz. - Fixed security issue detailed in CVE-2008-0599...
Debian Security Advisory DSA 1572-1 (php5)
The remote host is missing an update to php5 announced via advisory DSA 1572-1. OpenVAS Vulnerability Test $Id: deb15721.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1572-1 php5 Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
[SECURITY] Fedora 9 Update: lighttpd-1.4.19-4.fc9
Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...
Debian DSA-1572-1 : php5 - several vulnerabilities
Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-3806 The glob function allows context-dependent attackers to cause a denial of service and possibly...
DSA-1572-1 php5 - several vulnerabilities
Bulletin has no description...
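PHP 5.2.6 Fixes Multiple Security Vulnerabilities
BUGTRAQ ID: 29009 CVECAN ID: CVE-2008-0599 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. Versions of PHP before 5.2.6 contain multiple security vulnerabilities that allow malicious users to bypass security restrictions, cause a denial of service, or compromise a vulnerable system. 1 A security vulnerability in the FastCGI SAPI may lead to a stack overflow. 2 A security vulnerability exists in the handling of incomplete multibyte characters in escapeshellcmd. 3 An error in cURL may allow safemode restrictions to be bypassed. 4 A boundary condition error in PCRE may allow malicious users to cause a denial of service or compromise a vulnerable system. PHP 5.2.6 PHP ---...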
Stack overflow
Stack-based buffer overflow in the FastCGI SAPI fastcgi.c in PHP before 5.2.6 has unknown impact and attack vectors...
CVE-2008-2050
Stack-based buffer overflow in the FastCGI SAPI fastcgi.c in PHP before 5.2.6 has unknown impact and attack vectors...
CVE-2008-2050
Stack-based buffer overflow in the FastCGI SAPI fastcgi.c in PHP before 5.2.6 has unknown impact and attack vectors...
CVE-2008-2050
CVE-2008-2050 affects PHP before 5.2.6, with a stack-based buffer overflow in the FastCGI SAPI (fastcgi.c). Connected sources corroborate the vulnerability and note that updates (e.g., openSUSE/SUSE php5 patches) fix this issue. No exploit details are provided in the documents. Mitigation: apply ...
CVE-2008-2050
Stack-based buffer overflow in the FastCGI SAPI fastcgi.c in PHP before 5.2.6 has unknown impact and attack vectors...