140 matches found
Mandriva Linux Security Advisory : php (MDVSA-2010:009)
A vulnerability has been found and corrected in php : The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by...
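PHP htmlentities() and htmlspecialchars() Functions Interruption Address Information Disclosure Vulnerability
CVE ID: CVE-2010-2100 PHP is a widely used general-purpose scripting language that is especially suited to Web development and can be embedded into HTML. An information disclosure vulnerability exists in PHP's htmlentities and htmlspecialchars functions: static void phphtmlentitiesINTERNALFUNCTIONPARAMETERS, int all char str, hintcharset = NULL; int strlen, hintcharsetlen = 0; int len; long quotestyle = ENTCOMPAT; char replaced; zendbool...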
Debian DSA-2001-1 : php5 - multiple vulnerabilities
Several remote vulnerabilities have been discovered in PHP 5, a hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2009-4142 The htmlspecialchars function does not properly handle invalid multi-byte sequences. - CVE-2009-4143 Memory...
[SECURITY] [DSA-2001-1] New php5 packages fix multiple vulnerabilities
Debian Security Advisory DSA-2001-1 [email protected] http://www.debian.org/security/ Raphael Geissert February 19, 2010 http://www.debian.org/security/faq -...
CentOS Update for php CESA-2010:0040 centos3 i386
Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2010:0040 centos3 i386 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
CentOS Update for php CESA-2010:0040 centos3 x86_64
Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2010:0040 centos3 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
CentOS Update for php CESA-2010:0040 centos4 i386
Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2010:0040 centos4 i386 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Mandriva Update for php MDVSA-2010:009 (php)
Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2010:009 (php) Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Mandriva Linux Security Advisory : php (MDVSA-2010:008)
Multiple vulnerabilities have been found and corrected in php : The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-882-1)
Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. (CVE-2009-2626) It was discovered that the htmlspecialchars...
php security update
CentOS Errata and Security Advisory CESA-2010:0040 Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripti...
Cross site scripting
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special...
CVE-2009-4142
CVE-2009-4142 affects PHP up to version 5.2.12, where the htmlspecialchars function does not properly handle certain multi-byte encodings (overlong UTF-8, invalid Shift_JIS, and invalid EUC-JP). This can enable remote attackers to perform cross-site scripting (XSS) by placing a crafted byte seque...
Simple Machines Forum 1.1.11 Cross Site Scripting
Script: SMF Simple Machine Forum 1.1.11; Vulnerability Type: Active XSS (Active Cross Site Scripting); Risk: Low; Discovered By Khashayar Fereidani; http://ircrash.com http://bugtraq.ircrash.com; Note: To use this vulnerability you need access to censor words panel. 1. First login...
php -- multiple vulnerabilities
PHP developers report: This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.12: Fixed a safe_mode bypass in...
Joomla YOOOtheme Cross Site Scripting
andresg888 Exploit Title : Joomla yt_color YOOOtheme xss, cookie stealing Date : 2009-12-04 Author : andresg888 Software Link : http://www.yootheme.com/ Contact : andresg8884tgmaildotcom Web: : www.ilegalintrusion.net & www.bl4ck-p0rtal.org Dork : No DoRk f0R ScRipT KiDDieS The...
Joomla! Component yt_color YOOOtheme - Cross-Site Scripting Cookie Stealing
Joomla! Component yt_color YOOOtheme - Cross-Site Scripting Cookie Stealing andresg888 Exploit Title : Joomla yt_color YOOOtheme xss, cookie stealing Date : 2009-12-04 Author : andresg888 Software Link : http://www.yootheme.com/ Contact : andresg8884tgmaildotcom Web: : www.ilegalintrusion.net &...
Joomla yt_color YOOOtheme XSS and Cookie Stealing
Exploit for unknown platform in category web applications. Joomla yt_color YOOOtheme XSS and Cookie Stealing. The GET variable yt_color can be set to any script Example 1:...
Joomla! Component yt_color YOOOtheme - Cross-Site Scripting / Cookie Stealing
andresg888 Exploit Title : Joomla yt_color YOOOtheme xss, cookie stealing Date : 2009-12-04 Author : andresg888 Software Link : http://www.yootheme.com/ Contact : andresg8884tgmaildotcom Web: : www.ilegalintrusion.net & www.bl4ck-p0rtal.org Dork : No DoRk f0R ScRipT KiDDieS The GET variable ytcolo...
Joomla yt_color YOOOtheme XSS and Cookie Stealing
No description provided by source. andresg888 Exploit Title : Joomla yt_color YOOOtheme xss, cookie stealing Date : 2009-12-04 Author : andresg888 Software Link : http://www.yootheme.com/ Contact : andresg8884tgmaildotcom Web: : www.ilegalintrusion.net & www.bl4ck-p0rtal.org Dork : No DoRk f0R...