22 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-5768
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x...
K95432245: PHP vulnerability CVE-2016-5768
Security Advisory Description Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application...
SUSE CVE-2008-5557
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...
Arbitrary Code Execution
php is vulnerable to arbitrary code execution. A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code...
Arbitrary Code Execution
php is vulnerable to arbitrary code execution. A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable...
Fedora 28 : php-erusev-parsedown (2019-009fdcfb60)
1.7.1 - #475: 'Loose' lists will now contain paragraphs in all items, not just some. - #433: Links will no longer be double nested - #525: The info-string when beginning a code block may now contain non-word characters e.g. c++ - #561: The mbstring extension which we already depend on has been...
Fedora 29 : php-erusev-parsedown (2019-b02e9bf467)
1.7.1 - #475: 'Loose' lists will now contain paragraphs in all items, not just some. - #433: Links will no longer be double nested - #525: The info-string when beginning a code block may now contain non-word characters e.g. c++ - #561: The mbstring extension which we already depend on has been...
F5 Networks BIG-IP : PHP vulnerability (K95432245)
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback...
CVE-2016-5768
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback...
Internet Bug Bounty: Negative size parameter (-1) in memcpy mbfl_strcut
https://bugs.php.net/bug.php?id=71906 Memory corruption issue on mbstring extension, issue reported to PHP developers on 2016-03-26, fixed 2016-03-29 and released at 2016-03-31, affected PHP 5.5, PHP 5.6 and PHP 7. http://php.net/ChangeLog-5.php#5.5.34 http://php.net/ChangeLog-5.php#5.6.20...
php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...
Mandriva Update for php MDKSA-2007:090 (php)
Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDKSA-2007:090 php Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Heap overflow
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...
PHP 5 < 5.2.7 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is prior to 5.2.7. It is, therefore, affected by multiple vulnerabilities : - There is a buffer overflow flaw in the bundled PCRE library that allows a denial of service attack. CVE-2008-2371 - Multiple directory traversal...
CentOS 5 : php (CESA-2007:0153)
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...
Important: Red Hat Security Advisory: php security update
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...
WordPress Trackback Charset Decoding SQL Injection
The version of WordPress on the remote host supports trackbacks in alternate character sets and decodes them after escaping SQL parameters. By specifying an alternate character set and encoding input with that character set while submitting a trackback, an unauthenticated, remote attacker can...