14 matches found
EUVD-2007-1392
Malware in sbrugna...
CVE-2007-1396
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address a...
PHP 5.2.2 Import_Request_Variables function: incomplete filtering leads to content spoofing vulnerability
No description provided by source...
php vulnerability session register_globals login security-vulnerability warning-the black bar safety net
First, look at this simple piece of code. When register_globals = Off is configured in php.ini, there are no problems and the output is yes. But when register_globals = On is configured in php.ini, the first run outputs yes and, after a refresh, the display is no. Obviously this is not normal. This is a ver...
openSUSE 10 Security Update : php5 (php5-3745)
The following issues have been fixed in PHP, which were spotted by the MOPB project or fixed in PHP 5.2.3 release : - missing open_basedir and safe_mode restriction CVE-2007-3007 - chunk_split integer overflow CVE-2007-2872 - DoS condition in libgd's image processing CVE-2007-2756 - possible...
Design/Logic Flaw
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address a...
CVE-2007-1396
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address a...
CVE-2007-1396
The CVE-2007-1396 entry describes a vulnerability in PHP where import_request_variables (PHP 4.0.7–4.4.6 and 5.x before 5.2.2) can overwrite superglobals (GET, POST, COOKIE, FILES, SERVER, SESSION, etc.) when called without a prefix, enabling remote attackers to spoof source IP and Referer data a...
CVE-2007-1396
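The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address a...
PHP import_request_variables() function arbitrary variable overwrite vulnerability
PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. The implementation of PHP's import_request_variables function contains a vulnerability that a remote attacker may exploit to take control of the server. A remote attacker can use PHP's import_request_variables function to overwrite the $ and $ variables (arbitrary PHP variables), leading to arbitrary code execution. The vulnerable code is located in the following files: ./ext/standard/basicfunctions.c:PHPFUNCTIONimportrequestvariables ./Zend/zendhash.c:ZENDAPI void...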
[Full-disclosure] PHP import_request_variables() vs extract()
Please note that also extract will override any variable excluded $GLOBALS but the main difference is that on http://it2.php.net/extract you are advised to do not use "extract against untrusted data, like user-input $_GET, ...." quote if you want to run old code that relies on register_globals...
PHP import_request_variables() arbitrary variable overwrite
PHP import_request_variables arbitrary variable overwrite Name Using import_request_variables you can overwrite $ and $ any php variable. Systems Affected PHP =4.0.7 =5.2.1 Severity High Vendor http://www.php.net/ Advisory http://www.wisec.it/vulns.php?id=10 http://www.wisec.it/vuln10.txt Authors...
PHP import_request_variables() Arbitrary Variable Overwrite
PHP import_request_variables arbitrary variable overwrite Name Using import_request_variables you can overwrite $ and $ any php variable. Systems Affected PHP =4.0.7 From the PHP manual: quote Imports GET/POST/Cookie variables into the global scope. It is useful if you disable register_globals, but...
PHP import_request_variables internal variables overwrite
$_GET, $_POST, $_COOKIE, $_FILES, $_SERVER, $_SESSION and other internal variables may be overwritten during import...