825 matches found
php crash in glob() and fnmatch() functions
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...
Debian DSA-1578-1 : php4 - several vulnerabilities
Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3799 The sessionstart function allows remote attackers to insert arbitrary attributes int...
Input validation
Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service PHP outage and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted a-z argument as ...
CVE-2008-0145
Unspecified vulnerability in glob in PHP before 4.4.8, when openbasedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663...
Design/Logic Flaw
Unspecified vulnerability in glob in PHP before 4.4.8, when openbasedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663...
CVE-2008-0145
Unspecified vulnerability in glob in PHP before 4.4.8, when openbasedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663...
CVE-2008-0145
Unspecified vulnerability in glob in PHP before 4.4.8, when openbasedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4810)
This update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities CVE-2007-1659, CVE-2006-7230, CVE-2007-1660, CVE-2006-7227 CVE-2005-4872, CVE-2006-7228 - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars CVE-2007-5898 - overly long...
FreeBSD : php -- multiple security vulnerabilities (392b5b1d-9471-11dc-9db7-001c2514716c)
PHP project reports : Security Enhancements and Fixes in PHP 5.2.5 : - Fixed dl to only accept filenames. Reported by Laurent Gaffie. - Fixed dl to limit argument size to MAXPATHLEN CVE-2007-4887. Reported by Laurent Gaffie. - Fixed htmlentities/htmlspecialchars not to accept partial multibyte...
CVE-2007-4782
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...
Remote code execution
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...
CVE-2007-4782
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...
CVE-2007-4782
CVE-2007-4782 affects PHP prior to 5.2.3. The issue arises when long strings are passed to glob (pattern parameter) or to fnmatch (string parameter) with a pattern value of undefined characteristics, potentially causing an application crash (DoS). The description notes this vulnerability might no...
CVE-2007-4782
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...
PHP multiple DoS conditions
Crash on oversized strings in fnmatch, iconvsubstr, glob and setlocale functions...
PHP < 5.2.3 glob() denial of service
Application: PHP 5.2.3 Web Site: http://php.net Platform: unix Bug: denial of service fonction: glob special condition:default php memory-limit value =========== 1 Introduction 2 Bug 3 Proof of concept 4 greets 5 Credits =========== 1 Introduction =========== "PHP is a widely-used general-purpose...
PHP Glob()函数远程拒绝服务漏洞
BUGTRAQ ID: 24922,25498 CVECAN ID: CVE-2007-3806 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的glob函数实现上存在漏洞,远程攻击者可能利用此漏洞导致程序崩溃。 PHP中的glob函数参数值应为传送给int $flags的参数的整数值,因此如果提交了非整数值(如-1)的话, 就可能导致函数中出现无效读取操作,造成拒绝服务。 PHP http://www.php.net/downloads.php ?php //PHP 5.2.3 glob Remote DoS Exploit //author:...
Directory traversal
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass openbasedir restrictions via unspecified vectors involving the glob function...
CVE-2007-4663
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass openbasedir restrictions via unspecified vectors involving the glob function...
CVE-2007-4663
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass openbasedir restrictions via unspecified vectors involving the glob function...