17 matches found
SUSE CVE-2007-1583
The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...
PHP <= 5.1.6 Mb_Parse_Str Function Register_Globals Activation Weakness
No description provided by source. source: http://www.securityfocus.com/bid/23016/info PHP is prone to a weakness that allows attackers to enable the 'registerglobals' directive because the application fails to handle a memory-limit exception. Enabling the PHP 'registerglobals' directive may allo...
Ubuntu Update for php5 vulnerabilities USN-455-1
Ubuntu Update for Linux kernel vulnerabilities USN-455-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4551.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for php5 vulnerabilities USN-455-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Heap overflow
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilterhtmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...
GLSA-200705-19 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200705-19 PHP: Multiple vulnerabilities Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs MOPB by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the G...
FreeBSD : php -- multiple vulnerabilities (f5e52bf5-fc77-11db-8163-000e0c2e438a)
The PHP development team reports : Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7 : - Fixed CVE-2007-1001, GD wbmp used with invalid image size - Fixed asciiz byte truncation inside mail - Fixed a bug in mbparsestr that can be used to activate registerglobals - Fixed unallocated memor...
security flaw
The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...
security flaw
The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...
security flaw
The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...
MOPB-26-2007:PHP mb_parse_str() register_globals Activation Vulnerability
Summary When the mbparsestr function, which is the multibyte variant of the parsestr function, is called with only one parameter and is interrupted by for example a memorylimit violation the registerglobals directive will get internally activated during the process and not deactivated. Therefore...
CVE-2007-1583
The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...
Code injection
The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...
CVE-2007-1583
CVE-2007-1583 is a PHP mbstring issue. mb_parse_str() could force enablement of register_globals, leading to global variable injection via a script and potentially exposing or altering data. The description notes remote attackers could exploit this in a way that is not detectable by affected scri...
CVE-2007-1583
The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...
PHP Mb_Parse_Str函数Register_Globals激活漏洞
PHP是一款广泛使用的WEB开发脚本语言。 PHP不正确处理内存限制异常问题,远程攻击者可能利用此漏洞激活registerglobals',可导致进一步对系统进行攻击。 当mbparsestr函数仅使用一个参数调用时会内部激活egisterglobals,这个激活操作通过直接在内存中操作标记来完成,没有进入帐户memorylimit中断: if info-forceregisterglobals prevrgstate = PGregisterglobals; PGregisterglobals = 1;...
PHP 5.1.6 - Mb_Parse_Str Function Register_Globals Activation
source: https://www.securityfocus.com/bid/23016/info PHP is prone to a weakness that allows attackers to enable the 'registerglobals' directive because the application fails to handle a memory-limit exception. Enabling the PHP 'registerglobals' directive may allow attackers to further exploit...
PHP 5.1.6 - Mb_Parse_Str Function Register_Globals Activation
PHP 5.1.6 - MbParseStr Function RegisterGlobals Activation source: https://www.securityfocus.com/bid/23016/info PHP is prone to a weakness that allows attackers to enable the 'registerglobals' directive because the application fails to handle a memory-limit exception. Enabling the PHP...