902 matches found
CVE-2008-0145
Unspecified vulnerability in glob in PHP before 4.4.8, when openbasedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663...
Design/Logic Flaw
Unspecified vulnerability in glob in PHP before 4.4.8, when openbasedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663...
CVE-2008-0145
Unspecified vulnerability in glob in PHP before 4.4.8, when openbasedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663...
CVE-2008-0145
Unspecified vulnerability in glob in PHP before 4.4.8, when openbasedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4810)
This update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities CVE-2007-1659, CVE-2006-7230, CVE-2007-1660, CVE-2006-7227 CVE-2005-4872, CVE-2006-7228 - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars CVE-2007-5898 - overly long...
FreeBSD : php -- multiple security vulnerabilities (392b5b1d-9471-11dc-9db7-001c2514716c)
PHP project reports : Security Enhancements and Fixes in PHP 5.2.5 : - Fixed dl to only accept filenames. Reported by Laurent Gaffie. - Fixed dl to limit argument size to MAXPATHLEN CVE-2007-4887. Reported by Laurent Gaffie. - Fixed htmlentities/htmlspecialchars not to accept partial multibyte...
Remote code execution
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...
CVE-2007-4782
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...
CVE-2007-4782
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...
CVE-2007-4782
CVE-2007-4782 affects PHP prior to 5.2.3. The issue arises when long strings are passed to glob (pattern parameter) or to fnmatch (string parameter) with a pattern value of undefined characteristics, potentially causing an application crash (DoS). The description notes this vulnerability might no...
CVE-2007-4782
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...
PHP multiple DoS conditions
Crash on oversized strings in fnmatch, iconvsubstr, glob and setlocale functions...
PHP < 5.2.3 glob() denial of service
Application: PHP 5.2.3 Web Site: http://php.net Platform: unix Bug: denial of service fonction: glob special condition:default php memory-limit value =========== 1 Introduction 2 Bug 3 Proof of concept 4 greets 5 Credits =========== 1 Introduction =========== "PHP is a widely-used general-purpose...
PHP Glob()函数远程拒绝服务漏洞
BUGTRAQ ID: 24922,25498 CVECAN ID: CVE-2007-3806 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的glob函数实现上存在漏洞,远程攻击者可能利用此漏洞导致程序崩溃。 PHP中的glob函数参数值应为传送给int $flags的参数的整数值,因此如果提交了非整数值(如-1)的话, 就可能导致函数中出现无效读取操作,造成拒绝服务。 PHP http://www.php.net/downloads.php ?php //PHP 5.2.3 glob Remote DoS Exploit //author:...
CVE-2007-4663
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass openbasedir restrictions via unspecified vectors involving the glob function...
Directory traversal
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass openbasedir restrictions via unspecified vectors involving the glob function...
CVE-2007-4663
CVE-2007-4663 affects PHP prior to 5.2.4. A directory traversal vulnerability allows bypass of open_basedir restrictions via the glob-based path handling. Affected product: PHP (versions before 5.2.4). Root cause: improper sanitization of glob results leading to potential traversal outside the op...
CVE-2007-4663
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass openbasedir restrictions via unspecified vectors involving the glob function...
PHP 5.2.3 glob() Remote DoS Exploit
?php //PHP 5.2.3 glob Remote DoS Exploit //author: shinnai //mail: shinnaiatautisticidotorg //site: http://shinnai.altervista.org //Tested on xp sp2, worked both from the cli EIP overwrite and on apache Denial of Service //Bug discovered with "Footzo" thanks to rgod. //To download Footzo:...
PHP glob code execution
With negative argument values it's possible to executed code from address space controlled by attacker...