26 matches found

SUSE CVE
added 2023/02/15 5:59 a.m., 0 views

SUSE CVE-2010-1860

The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature...

CVSS: 5, AI score: 6.8, EPSS: 0.00462
Exploits: 1, References: 5

OpenVAS
added 2022/08/26 12:0 a.m., 42 views

Ubuntu: Security Advisory (USN-320-1)

The remote host is missing an update for the...

CVSS: 9.3, AI score: 6.6, EPSS: 0.30649
Exploits: 10, References: 2

Prion
added 2017/07/25 6:29 p.m., 13 views

Cross site scripting

The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string...

CVSS: 4.3, AI score: 6, EPSS: 0.00292
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2017/07/25 6:29 p.m., 14 views

CVE-2015-5594

The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string...

CVSS: 6.1, AI score: 6, EPSS: 0.00292
Exploits: 1, References: 4

Cvelist
added 2017/07/25 6:0 p.m., 16 views

CVE-2015-5594

The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string...

AI score: 6.1, EPSS: 0.00292
Exploits: 1, References: 4

seebug.org
added 2014/07/01 12:0 a.m., 16 views

PHP 4.x/5.x Html_Entity_Decode() Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17296/info PHP 'html_entity_decode' function is prone to an information-disclosure vulnerability. This issue arises when a script using the function accepts data from a remote untrusted source and returns the function's...

AI score: 7.1
Exploits: 0

seebug.org
added 2011/04/28 12:0 a.m., 25 views

PHP 5.2.x<5.2.14, 5.3.x<5.3.3 html_entity_decode function information disclosure vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2011/04/28 12:0 a.m., 18 views

PHP 5.2.x<5.2.14, 5.3.x<5.3.3 html_entity_decode function information disclosure vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2011/04/28 12:0 a.m., 9 views

PHP 5.2.x<5.2.14, 5.3.x<5.3.3 html_entity_decode function information disclosure vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

securityvulns
added 2010/05/11 12:0 a.m., 31 views

MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak Vulnerability

MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak Vulnerability May 6th, 2010 PHP’s html_entity_decode() function can be abused for information leak attacks, because of the call time pass by reference feature. Affected versions Affected is PHP 5.2 <= 5.2.13 Affected is PHP 5.3 <= 5.3.2...

Exploits: 0

NVD
added 2010/05/07 11:0 p.m., 15 views

CVE-2010-1860

The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature...

CVSS: 5, AI score: 9.5, EPSS: 0.00462
Exploits: 1, References: 4

UbuntuCve
added 2010/05/07 11:0 p.m., 23 views

CVE-2010-1860

The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature...

CVSS: 5, AI score: 5.9, EPSS: 0.00462
Exploits: 1, References: 3

Prion
added 2010/05/07 11:0 p.m., 16 views

Memory corruption

The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature...

CVSS: 5, AI score: 6.7, EPSS: 0.00462
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2010/05/07 10:0 p.m., 83 views

CVE-2010-1860

The CVE-2010-1860 entry concerns PHP HTML entity decoding in PHP 5.2.x (up to 5.2.13) and 5.3.x (up to 5.3.2), enabling context-dependent information disclosure (memory contents) or memory corruption via interruption of an internal call related to call_time_pass_by_reference. Connected advisories...

CVSS: 5, AI score: 9.2, EPSS: 0.00462
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2010/05/07 10:0 p.m., 27 views

CVE-2010-1860

The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature...

AI score: 9.4, EPSS: 0.00462
Exploits: 1, References: 4

Tenable Nessus
added 2007/11/10 12:0 a.m., 74 views

Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-320-1)

The phpinfo PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo. Please note that it is not recommended to publicly expose phpinfo. CVE-2006-0996 An...

CVSS: 9.3, AI score: 8, EPSS: 0.30649
Exploits: 10, References: 13

Ubuntu
added 2006/07/19 10:58 p.m., 109 views

USN-320-1: PHP vulnerabilities

The phpinfo PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo. Please note that it is not recommended to publicly expose phpinfo. CVE-2006-0996 An...

CVSS: 9.3, AI score: 8, EPSS: 0.30649
Exploits: 10

Tenable Nessus
added 2006/07/03 12:0 a.m., 77 views

CentOS 3 / 4 : php (CESA-2006:0276)

Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

CVSS: 7.5, AI score: 8.1, EPSS: 0.35083
Exploits: 3, References: 11

Tenable Nessus
added 2006/05/13 12:0 a.m., 42 views

SUSE-SA:2006:024: php4,php5

The remote host is missing the patch for the advisory SUSE-SA:2006:024 (php4,php5). This update fixes the following security issues in the scripting languages PHP4 and PHP5: - copy and tempnam functions could bypass open_basedir restrictions (CVE-2006-1494) - Cross-Site-Scripting (XSS) bug in phpinfo...

CVSS: 6.4, AI score: 8.2, EPSS: 0.30649
Exploits: 4

Tenable Nessus
added 2006/04/04 12:0 a.m., 42 views

Mandrake Linux Security Advisory : php (MDKSA-2006:063)

A vulnerability was discovered where the html_entity_decode function would return a chunk of memory with length equal to the string supplied, which could include php code, php ini data, other user data, etc. Note that by default, Corporate 3.0 and Mandriva Linux LE2005 ship with magic_quotes_gpc on...

CVSS: 5, AI score: 8.1, EPSS: 0.30649
Exploits: 1, References: 1