65 matches found
CVE-2015-8935
The sapiheaderop function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting XSS attacks against Internet Explorer by leveraging ...
CVE-2015-8935
The sapiheaderop function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting XSS attacks against Internet Explorer by leveraging ...
UBUNTU-CVE-2016-5766
Integer overflow in the gd2GetHeader function in gdgd2.c in the GD Graphics Library aka libgd before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly ha...
CVE-2015-8935
The sapiheaderop function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting XSS attacks against Internet Explorer by leveraging ...
PT-2015-7832 · Libarchive +5 · Libarchive +5
Name of the Vulnerable Software and Affected Versions: libarchive versions prior to 3.2.0 Description: The issue allows remote attackers to cause a denial of service, specifically an out-of-bounds heap, by using a crafted file, either in lzh or lha format. This is due to a problem in the lha read...
php: HTTP response splitting in header() function
The header PHP function allowed header stings containing line break followed by a space or tab, as allowed by RFC 2616. Certain browsers handled the continuation line as new header, making it possible to conduct a HTTP response splitting attack against such browsers. The header function was updat...
CVE-2014-9116
CVE-2014-9116 concerns the Mutt mail client. The description specifies that the write_one_header function in mutt 1.5.23 mishandles newline characters at the beginning of a header, allowing a remote attacker to cause a denial of service (crash) by sending a header with an empty body. This conditi...
CVE-2014-2230
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 1 dest parameter to adclick.php or 2 maxdest parameter to ck.php...
PHP 4.2.3 Header Function Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5669/info PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems. It has been reported that a vulnerability in the PHP header functi...
CrystalFTP Pro 2.8 - Remote Buffer Overflow Exploit
No description provided by source. / CrystalFTP Pro v2.8 Buffer Overflow Exploit 04/25/2005 despite the fact that nobody uses CrystalFTP i had to release a new version that replaces the first one. this overwrites the structured exception handler with a pop edx pop eax ret in kernel32.dll. this...
PHP < 5.3.11 Multiple Vulnerabilities
Binary data 6995.prm...
Design/Logic Flaw
The sapiheaderop function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences aka carriage return characters, which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improp...
PHP < 5.3.11 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities : - During the import of environment variables, temporary changes to the 'magicquotesgpc' directive are not handled properly. This can...
Owl Intranet Engine 1.00 Authentication Bypass
Advisory: Owl Intranet Engine: Authentication Bypass During a penetration test, RedTeam Pentesting discovered an Authentication Bypass vulnerability in the Owl Intranet Engine, which allows unauthenticated users administrative access to the affected systems. Details ======= Product: Owl Intranet...
Traq 'authenticate()'函数远程代码执行漏洞
Bugtraq ID: 50961 Traq是一款基于PHP/MySQL的项目管理软件 定义在/admincp/common.php中的authenticate函数存在错误: 27. function authenticate 28. 29. global $user; 30. 31. if!$user-group'isadmin' 32. header"Location: login.php"; 33...
Mandriva Update for php MDKSA-2007:048 (php)
Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDKSA-2007:048 php Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
PHP 5.2.0 header() Space Trimming Buffer Underflow Exploit (MacOSX)
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || // // | |/ || '|/ |/ -| ' / -/ |||| /| || / //...
PHP header() function memory corruption
Heap memory page coruption allows code execution on big endian systems...
PHP 5.2.0 (OSX) - 'header()' Space Trimming Buffer Underflow
?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...
Mandrake Linux Security Advisory : php (MDKSA-2007:048)
A number of vulnerabilities were discovered in PHP language. Many buffer overflow flaws were discovered in the PHP session extension, the strreplace function, and the imapmailcompose function. An attacker able to use a PHP application using any of these functions could trigger these flaws and...