
153 matches found

Packet Storm
added 2015/07/02 12:0 a.m., 38 views

FCS Scanner 1.0 / 1.4 Command Injection

Document Title: FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1538. Release Date: 2015-06-30. Vulnerability Laboratory ID (VL-ID): 153...

0.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 16 views

PHP 4.x/5.0/5.1 with Sendmail Mail Function additional_parameters - Argument Arbitrary File Creation

No description provided by source. Source: http://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail' function, the 'mail' function, a...

7.1 AI score
Exploits: 0
0day.today
added 2010/05/10 12:0 a.m., 17 views

Family Connections 2.2.3 Multiple Remote Vulnerabilities

Exploit for php platform in category web applications. Family Connections 2.2.3 Multiple Remote Vulnerabilities. Name Family...

7.1 AI score
Exploits: 0
Packet Storm
added 2009/10/30 12:0 a.m., 18 views

Dogfood CRM spell.php Remote Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Dogfood CRM...

0.3 AI score
Exploits: 0
Tenable Nessus
added 2009/04/23 12:0 a.m., 36 views

Mandrake Linux Security Advisory : php (MDKSA-2007:090)

A heap-based buffer overflow vulnerability was found in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution (CVE-2007-1001). A DoS flaw was found in how PHP processed a deeply nested array. A remote attacker coul...

7.8 CVSS, 7.7 AI score, 0.25606 EPSS
Exploits: 3, References: 5
OpenVAS
added 2009/04/09 12:0 a.m., 42 views

Mandriva Update for php MDKSA-2007:090 (php)

Check for the Version of php. OpenVAS Vulnerability Test: Mandriva Update for php MDKSA-2007:090 (php). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

7.8 CVSS, 0.1 AI score, 0.25606 EPSS
Exploits: 3, References: 2
seebug.org
added 2008/10/25 12:0 a.m., 74 views

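perlshop.cgi Remote Arbitrary Command Execution

BugCVE: CAN-1999-1374 perlshop.cgi is a web-based online shopping program written in Perl. Its implementation contains an input validation flaw that a remote attacker may exploit to execute arbitrary commands on the host with the privileges of the web process. The problematic code is: open MAIL, |$blatloc - -t $to -s $subject || &errtrap Can t open $blatloc!\n $blatloc defines blat, a command-line mail-sending program for NT, and $to is the e-mail address entered by the user. The program does not filter special characters such as "|&", so an intruder can insert system commands into the e-mail address. 3.1 Temporary workaround:...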

5 CVSS, 6.5 AI score, 0.00559 EPSS
Exploits: 1
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m., 1 views

Cybozu Office browser script execution vulnerability

Overview The HTML-mail compliant web mail function of Cybozu Office contains a vulnerability that may allow an attacker to execute browser script. Impact If a Cybozu Office user logs into the system and opens an email containing exploit code sent by a remote attacker using the web mail function,...

5 CVSS, 7 AI score
Exploits: 0, References: 2
OpenVAS
added 2008/01/17 12:0 a.m., 33 views

Debian Security Advisory DSA 168-1 (PHP3, PHP4)

The remote host is missing an update to PHP3, PHP4 announced via advisory DSA 168-1. OpenVAS Vulnerability Test $Id: deb1681.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 168-1. Authors: Thomas Reinke. Copyright: Copyright (c) 2007 E-Soft Inc...

7.5 CVSS, 0.9 AI score, 0.20413 EPSS
Exploits: 0
Tenable Nessus
added 2007/05/25 12:0 a.m., 35 views

RHEL 5 : php (RHSA-2007:0153)

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...

7.8 CVSS, 7.2 AI score, 0.25606 EPSS
Exploits: 2, References: 9
Tenable Nessus
added 2007/05/11 12:0 a.m., 37 views

FreeBSD : php -- multiple vulnerabilities (f5e52bf5-fc77-11db-8163-000e0c2e438a)

The PHP development team reports: Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7: - Fixed CVE-2007-1001, GD wbmp used with invalid image size - Fixed asciiz byte truncation inside mail - Fixed a bug in mb_parse_str that can be used to activate register_globals - Fixed unallocated memor...

6.8 CVSS, 5.8 AI score, 0.11588 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2007/04/30 12:0 a.m., 38 views

CentOS 5 : php (CESA-2007:0153)

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...

7.8 CVSS, 7.2 AI score, 0.25606 EPSS
Exploits: 2, References: 6
Tenable Nessus
added 2007/04/30 12:0 a.m., 64 views

Debian DSA-1282-1 : php4 - several vulnerabilities

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1286 Stefan Esser discovered an overflow ...

7.8 CVSS, 6.1 AI score, 0.86051 EPSS
Exploits: 12, References: 13
Tenable Nessus
added 2007/04/30 12:0 a.m., 41 views

Fedora Core 5 : php-5.1.6-1.5 (2007-455)

This update fixes a number of security issues in PHP. A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. CVE-2007-1285 A flaw was found in the way...

7.8 CVSS, 7.3 AI score, 0.25606 EPSS
Exploits: 3, References: 1
Tenable Nessus
added 2007/04/30 12:0 a.m., 61 views

Mandrake Linux Security Advisory : php (MDKSA-2007:089)

A heap-based buffer overflow vulnerability was found in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution (CVE-2007-1001). A DoS flaw was found in how PHP processed a deeply nested array. A remote attacker coul...

7.8 CVSS, 7.8 AI score, 0.25606 EPSS
Exploits: 4, References: 6
OSV
added 2007/04/26 12:0 a.m., 47 views

DSA-1282-1 php4

Bulletin has no description...

7.8 CVSS, 7.7 AI score, 0.86051 EPSS
Exploits: 12
RedHat Linux
added 2007/04/20 9:47 a.m., 42 views

Moderate: Red Hat Security Advisory: php security update

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...

7.8 CVSS, 7.1 AI score, 0.25606 EPSS
Exploits: 2, References: 3
RedHat Linux
added 2007/04/20 9:47 a.m., 1 views

security flaw

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrat...

7.8 CVSS, 6 AI score, 0.23149 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2007/04/16 3:27 p.m., 1 views

security flaw

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrat...

7.8 CVSS, 6 AI score, 0.23149 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2007/04/16 3:27 p.m., 60 views

Important: Red Hat Security Advisory: php security update

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

7.8 CVSS, 7.3 AI score, 0.86051 EPSS
Exploits: 10, References: 3