7 matches found
CLSA-2026-1776972009 php: Fix of 3 CVEs
- CVE-2021-21707: fix NUL byte truncation in XML/DOM URI file loading
- CVE-2022-31628: fix phar wrapper denial of service when loading compressed quine archives
- CVE-2022-31629: discard HTTP variables that mangle into __Host- or __Secure- prefixes...
CVE-2015-9466
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable...
CVE-2015-9466
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable...
CVE-2005-3417
phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP variables...
CVE-2005-3417
phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP variables...
CVE-2005-2691
includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code...
Portcullis Security Advisory 05-005
Portcullis Security Advisory
Vulnerable System: Webseries Payment Application
Vulnerability Title: Internal Path Disclosure in HTTP Variables
Vulnerability discovery and development: Portcullis Security Testing Services
Affected systems: Bottomline Webseries Payment Application
Details: Several...