28 matches found
EUVD-2006-4613
Malware in sbrugna...
K13231: PHP vulnerability CVE-2009-2626
Security Advisory Description: In PHP 5.3.0 and PHP 5.2.10 and earlier, the zend_restore_ini_entry_cb function in zend_ini.c allows context-specific attackers to obtain sensitive information (memory contents) and causes PHP to fail by using the ini_set function to declare a variable, and then using the...
PHP 5.2.10/5.3 'ini_restore()' Memory Information Disclosure Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/36009/info PHP is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. <?php ini_set("session.save_path", "0123456789ABCDEF");...
PHP 5.2.10/5.3 'ini_restore()' Memory Information Disclosure Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/36009/info PHP is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. <?php ini_set("open_basedir", "A"); ini_restore("open_basedir");...
SOL13231 - PHP vulnerability CVE-2009-2626
In PHP 5.3.0 and PHP 5.2.10 and earlier, the zend_restore_ini_entry_cb function in zend_ini.c allows context-specific attackers to obtain sensitive information (memory contents) and causes PHP to fail by using the ini_set function to declare a variable, and then using the ini_restore function to restore t...
Mandriva Linux Security Advisory : php (MDVSA-2010:008)
Multiple vulnerabilities have been found and corrected in php: The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-882-1)
Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. (CVE-2009-2626) It was discovered that the htmlspecialchars...
PHP 5.2.10/5.3.0 - 'ini_restore()' Memory Information Disclosure
Credit/Author: Maksymilian Arciemowicz from SecurityReason Vulnerable: PHP PHP 5.3 PHP PHP 5.2.10 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5...
PHP 5.2.10/5.3.0 - ini_restore() Memory Information Disclosure
PHP 5.2.10/5.3.0 - ini_restore() Memory Information Disclosure Credit/Author: Maksymilian Arciemowicz from SecurityReason Vulnerable: PHP PHP 5.3 PHP PHP 5.2.10 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k...
Information disclosure
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the...
CVE-2009-2626
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the...
PHP 5.3.0 ini_restore function causes memory information disclosure
No description provided by source...
CVE-2009-2626
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the...
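PHP ini_restore() Memory Information Disclosure Vulnerability
BUGTRAQ ID: 36009 CVE ID: CVE-2009-2626 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. When the ini_restore function is used to reset the PHP configuration environment, variables in the PG class can expose arbitrary portions of memory. To exploit this vulnerability, an attacker must declare the variable through the ini_set function. - ---zend_ini.c--- static int zend_restore_ini_entry_cb(zend_ini_entry *ini_entry, int stage TSRMLS_DC) /* {{{ */ { if (ini_entry->modified) { if (ini_entry->on_modify...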
[SECURITY] [DSA-1940-1] New php5 packages fix several issues
------------------------------------------------------------------------ Debian Security Advisory DSA-1940-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 25, 2009 http://www.debian.org/security/faq -...
PHP 5.2.10/5.3 - ini_restore() Memory Information Disclosure (2)
PHP 5.2.10/5.3 - ini_restore() Memory Information Disclosure (2) source: https://www.securityfocus.com/bid/36009/info PHP is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks...
PHP 5.2.10/5.3 - 'ini_restore()' Memory Information Disclosure (1)
source: https://www.securityfocus.com/bid/36009/info PHP is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks...
SuSE 10 Security Update : PHP (ZYPP Patch Number 2152)
The ini_restore method could be exploited to reset options set in the webserver config to their default values. (CVE-2006-4625) The memory handling routines contained an integer overflow. (CVE-2006-4812)
SUSE-SA:2006:059: php4,php5
The remote host is missing the patch for the advisory SUSE-SA:2006:059 (php4,php5). The ini_restore method could be exploited to reset options such as open_basedir when set via the web server config file to their default value set in php.ini (CVE-2006-4625). Additionally php5 on all products as well as...
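PHP Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. PHP has a flaw in how it handles configuration options, which a remote attacker may be able to use to bypass security restrictions. When PHP is used as an Apache module, configuration settings can be changed with directives in the Apache configuration file (such as httpd.conf). For example, open_basedir in httpd.conf: - --- <Directory /usr/home/frajer/public_html/> Options FollowSymLinks MultiViews Indexes AllowOverride None php_admin_flag safe_mode 1...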