14 matches found
EUVD-2006-6207
Malware in sbrugna...
SUSE CVE-2005-3390
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when registerglobals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field...
phpMyAdmin '$GLOBALS' 数组未授权访问漏洞(CVE-2013-3241)
BUGTRAQ ID: 59461 CVECAN ID: CVE-2013-3241 phpmyadmin是MySQL数据库的在线管理工具,主要功能包括在线创建数据表、运行SQL语句、搜索查询数据以及导入导出数据等。 phpMyAdmin 4.0.0-rc3之前版本内的export.php根据POST超全局数组的内容覆盖了全局变量,经过身份验证的远程用户通过特制的请求利用此漏洞注入任意值。 Php script "export.php" line 20: ------------------------ source code start...
Double free
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to 1 the GLOBALS array or 2 the session data in SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...
CVE-2007-1711
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to 1 the GLOBALS array or 2 the session data in SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...
CVE-2006-6224
PHP remote file inclusion vulnerability in the installation scripts in Puntal before 1.8.5 allows remote attackers to execute arbitrary PHP code via the GLOBALS array...
CVE-2006-6224
PHP remote file inclusion vulnerability in the installation scripts in Puntal before 1.8.5 allows remote attackers to execute arbitrary PHP code via the GLOBALS array...
security flaw
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when registerglobals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field...
USN-232-1: PHP vulnerabilities
Eric Romang discovered a local Denial of Service vulnerability in the handling of the 'session.savepath' parameter in PHP's Apache 2.0 module. By setting this parameter to an invalid value in an .htaccess file, a local user could crash the Apache server. CVE-2005-3319 A Denial of Service flaw was...
security flaw
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when registerglobals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field...
CVE-2005-3738
globals.php in Mambo Site Server 4.0.14 and earlier, when registerglobals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfigabsolutepath parameter to content.html.php for remote PHP file inclusion...
Slackware 10.2 / current : PHP (SSA:2005-310-05)
New PHP packages are available for Slackware 10.2 and -current to fix minor security issues relating to the overwriting of the GLOBALS array. It has been reported here that this new version of PHP also breaks squirrelmail and probably some other things. Given the vague nature of the security...
[slackware-security] PHP
New PHP packages are available for Slackware 10.2 and -current to fix minor security issues relating to the overwriting of the GLOBALS array. It has been reported here that this new version of PHP also breaks squirrelmail and probably some other things. Given the vague nature of the security...
CVE-2005-3390
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when registerglobals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field...