149 matches found

Tenable Nessus
added 2007/11/20 12:0 a.m. (37 views)

FreeBSD : php -- multiple security vulnerabilities (392b5b1d-9471-11dc-9db7-001c2514716c)

PHP project reports: Security Enhancements and Fixes in PHP 5.2.5: - Fixed dl() to only accept filenames. Reported by Laurent Gaffie. - Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie. - Fixed htmlentities/htmlspecialchars not to accept partial multibyte...

CVSS: 4.3, AI score: 8.5, EPSS: 0.01789
Exploits: 1, References: 2

NVD
added 2007/09/10 9:17 p.m. (20 views)

CVE-2007-4782

PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...

CVSS: 5, AI score: 9.5, EPSS: 0.02911
Exploits: 1, References: 23

Prion
added 2007/09/10 9:17 p.m. (20 views)

Remote code execution

PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...

CVSS: 5, AI score: 6.9, EPSS: 0.02911
Exploits: 1, References: 23, Affected Software: 1

UbuntuCve
added 2007/09/10 9:17 p.m. (31 views)

CVE-2007-4782

PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...

CVSS: 5, AI score: 6.1, EPSS: 0.02911
Exploits: 1, References: 2

CVE
added 2007/09/10 9:0 p.m. (94 views)

CVE-2007-4782

CVE-2007-4782 affects PHP prior to 5.2.3. The issue arises when long strings are passed to glob (pattern parameter) or to fnmatch (string parameter) with a pattern value of undefined characteristics, potentially causing an application crash (DoS). The description notes this vulnerability might no...

CVSS: 5, AI score: 9.5, EPSS: 0.02911
Exploits: 1, References: 23, Affected Software: 1

Cvelist
added 2007/09/10 9:0 p.m. (25 views)

CVE-2007-4782

PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...

AI score: 9.4, EPSS: 0.02911
Exploits: 1, References: 23

securityvulns
added 2007/09/06 12:0 a.m. (61 views)

PHP < 5.2.3 glob() denial of service

Application: PHP 5.2.3 Web Site: http://php.net Platform: unix Bug: denial of service function: glob special condition: default php memory-limit value =========== 1 Introduction 2 Bug 3 Proof of concept 4 greets 5 Credits =========== 1 Introduction =========== "PHP is a widely-used general-purpose...

AI score: 0.2
Exploits: 0

Prion
added 2007/09/04 10:17 p.m. (16 views)

Directory traversal

Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function...

CVSS: 7.5, AI score: 6.5, EPSS: 0.01705
Exploits: 0, References: 11, Affected Software: 1

UbuntuCve
added 2007/09/04 10:17 p.m. (29 views)

CVE-2007-4663

Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function...

CVSS: 7.5, AI score: 5.9, EPSS: 0.01705
Exploits: 0, References: 1

Cvelist
added 2007/09/04 10:0 p.m. (27 views)

CVE-2007-4663

Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function...

AI score: 6.2, EPSS: 0.01705
Exploits: 0, References: 11

CVE
added 2007/09/04 10:0 p.m. (82 views)

CVE-2007-4663

CVE-2007-4663 affects PHP prior to 5.2.4. A directory traversal vulnerability allows bypass of open_basedir restrictions via the glob-based path handling. Affected product: PHP (versions before 5.2.4). Root cause: improper sanitization of glob results leading to potential traversal outside the op...

CVSS: 7.5, AI score: 6.2, EPSS: 0.01705
Exploits: 0, References: 11, Affected Software: 1

securityvulns
added 2007/07/28 12:0 a.m. (41 views)

PHP 5.2.3 glob() Remote DoS Exploit

?php //PHP 5.2.3 glob Remote DoS Exploit //author: shinnai //mail: shinnaiatautisticidotorg //site: http://shinnai.altervista.org //Tested on xp sp2, worked both from the cli EIP overwrite and on apache Denial of Service //Bug discovered with "Footzo" thanks to rgod. //To download Footzo:...

AI score: 0.6
Exploits: 0

Prion
added 2007/07/17 12:30 a.m. (17 views)

Memory corruption

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initializati...

CVSS: 6.8, AI score: 7.9, EPSS: 0.05208
Exploits: 1, References: 18, Affected Software: 1

CVE
added 2007/07/17 12:0 a.m. (72 views)

CVE-2007-3806

The vulnerability CVE-2007-3806 affects PHP 5.2.3 where the glob() function can be abused by context-dependent attackers via an invalid flags parameter, potentially causing a denial of service and possibly executing arbitrary code. The described root causes point to memory corruption or an invali...

CVSS: 6.8, AI score: 7.5, EPSS: 0.05208
Exploits: 1, References: 18, Affected Software: 1

seebug.org
added 2007/07/15 12:0 a.m. (62 views)

PHP 5.2.3 glob() Denial of Service Exploit

No description provided by source. ?php //PHP 5.2.3 glob Remote DoS Exploit //author: shinnai //mail: shinnaiatautisticidotorg //site: http://shinnai.altervista.org //Tested on xp sp2, worked both from the cli EIP overwrite and on apache Denial of Service...

AI score: 7.1
Exploits: 0

exploitpack
added 2007/07/14 12:0 a.m. (14 views)

PHP 5.2.3 - glob() Denial of Service

PHP 5.2.3 - glob Denial of Service milw0rm.com 2007-07-14...

Exploits: 0

securityvulns
added 2006/10/13 12:0 a.m. (46 views)

PHP safe_mode glob() protection bypass

The glob function allows checking the existence of a file/directory and building a directory listing...

AI score: 3
Exploits: 0, Affected Software: 1

Ubuntu
added 2005/07/26 10:42 p.m. (26 views)

USN-154-1: vim vulnerability

Georgi Guninski discovered that it was possible to construct Vim modelines that execute arbitrary shell commands by wrapping them in glob or expand function calls. If an attacker tricked a user to open a file with a specially crafted modeline, he could exploit this to execute arbitrary commands...

AI score: 5.8
Exploits: 0, References: 1

Tenable Nessus
added 2004/08/20 12:0 a.m. (19 views)

FTP Server 'glob' Function Overflow

Binary data 1836.prm...

CVSS: 10, AI score: 7.3, EPSS: 0.3517
Exploits: 1, References: 4

Cvelist
added 2002/06/25 4:0 a.m. (24 views)

CVE-2001-0886

Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character...

AI score: 7.7, EPSS: 0.00228
Exploits: 0, References: 12