SUSE CVE-2010-4156

The mbstrcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter aka the length parameter...

SUSE: Security Advisory (SUSE-SU-2016:1277-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. An attacker is able to execute arbitrary code on the host OS via a malicious mbstrcut call...

Ubuntu: Security Advisory (USN-2984-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2984-1: PHP vulnerabilities

It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2015-8865 Hans Jerry Illikainen...

USN-2984-1 php5, php7.0 vulnerabilities

It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2015-8865 Hans Jerry Illikainen...

openSUSE Security Update : php5 (openSUSE-2016-626)

This update for php5 fixes the following security issues : - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mbstrcut bsc977003 - CVE-2015-8867: The PHP function...

CVE-2016-4073

Multiple integer overflows in the mbflstrcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted mbstrcut call...

Ubuntu 15.10 : php5 regression (USN-2952-2)

USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem. We apologize for the inconvenience. It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A...

PHP 'mb_strcut()' Function Denial of Service Vulnerability

PHP is an open source general-purpose computer scripting language. The PHP 'mbstrcut' function fails to properly handle string formatting, allowing a remote attacker to exploit the vulnerability by submitting a special request to crash the application...

Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2952-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2952-1 advisory. It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this...

USN-2952-1: PHP vulnerabilities

It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. CVE-2014-9767 It was discovered that the PHP Soap client incorrectly validated data types. A remote...

SOL12597 - PHP vulnerability CVE-2010-4156

PHP vulnerability CVE-2010-4156 describes a vulnerability where the mbstrcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter aka the length parameter. Information...

php information disclosure via mb_strcut()

The mbstrcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter aka the length parameter...

USN-1042-1: PHP vulnerabilities

It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting XSS protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. CVE-2009-5016 It was discovered that the XML UTF-8 decoding code did not...

PHP'mb_strcut（）'函数信息泄露漏洞

PHP是容易出现一个信息泄露漏洞。 攻击者可以利用此问题来获取敏感信息，可能导致进一步的攻击。 Red Hat Fedora 14 Red Hat Fedora 13 PHP PHP 5.3.2 PHP PHP 5.3.1 PHP PHP 5.3 PHP PHP 5.3.4 PHP PHP 5.3.3 MandrakeSoft Linux Mandrake 2010.1 x8664 MandrakeSoft Linux Mandrake 2010.1 MandrakeSoft Linux Mandrake 2010.0 x8664 MandrakeSoft Linux Mandrake...

CVE-2010-4156

The mbstrcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter aka the length parameter...

Code injection

The mbstrcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter aka the length parameter...

EUVD-2010-4132

The mbstrcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter aka the length parameter...

CVE-2010-4156

CVE-2010-4156 affects Libmbfl 1.1.0 as used in PHP 5.3.x up to 5.3.3. The mb_strcut function can disclose memory when the length parameter is large, enabling context-dependent attackers to access potentially sensitive information. The connected documents confirm the issue and list affected adviso...