233 matches found

RedHat Linux
added 2009/04/06 4:34 p.m. | 0 views

PHP mbstring.func_overload web server denial of service

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server...

2.1 CVSS | 5.8 AI score | 0.00216 EPSS
Exploits: 2 | References: 4
Oracle linux
added 2009/04/06 12:0 a.m. | 51 views

php security update

5.1.6-23.2.el5 - ext/gd: fix overflow2 usage for CVE-2007-3996, CVE-2008-3658; 5.1.6-23.1.el5 - add security fixes for CVE-2008-3658, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5814, and mbstring func_overload issue 487369...

10 CVSS | 0.8 AI score | 0.29698 EPSS
Exploits: 14
OpenVAS
added 2009/03/20 12:0 a.m. | 38 views

FreeBSD Ports: php4-mbstring

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

10 CVSS | 7.7 AI score | 0.29698 EPSS
Exploits: 2 | References: 1
OpenVAS
added 2009/03/20 12:0 a.m. | 49 views

FreeBSD Ports: php4-mbstring

The remote host is missing an update to the system as announced in the referenced advisory. VID a2074ac6-124c-11de-a964-0030843d3802 OpenVAS Vulnerability Test $ Description: Auto generated from VID a2074ac6-124c-11de-a964-0030843d3802 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

10 CVSS | 0.1 AI score | 0.29698 EPSS
Exploits: 2
Tenable Nessus
added 2009/03/17 12:0 a.m. | 42 views

FreeBSD : php-mbstring -- php mbstring buffer overflow vulnerability (a2074ac6-124c-11de-a964-0030843d3802)

SecurityFocus reports: PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. The issue affects the 'mbstring' extension included in the standard distribution. An attacker can exploit...

10 CVSS | 7.6 AI score | 0.29698 EPSS
Exploits: 2 | References: 2
Exploit DB
added 2009/01/30 12:0 a.m. | 35 views

PHP 5.2.5 - 'mbstring.func_overload' WebServer Denial of Service

source: https://www.securityfocus.com/bid/33542/info PHP is prone to a denial-of-service vulnerability because it fails to limit global scope for certain settings relating to Unicode text operations. Attackers can exploit this issue to crash the affected webserver, denying service to legitimate...

7.4 AI score
Exploits: 0
OpenVAS
added 2008/12/31 12:0 a.m. | 45 views

PHP 4.3.x < 5.2.7 Buffer Overflow Vulnerability

PHP is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

10 CVSS | 7.8 AI score | 0.29698 EPSS
Exploits: 2 | References: 3
seebug.org
added 2008/12/24 12:0 a.m. | 98 views

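PHP 'mbstring' Extension Buffer Overflow Vulnerability

BUGTRAQ ID: 32948 CVE ID: CVE-2008-5557 PHP is a web programming language. The PHP mbstring extension has an input validation error that remote attackers can exploit to crash the application. The mbstring extension is used to process multibyte Unicode strings, and there is a problem when it decodes certain HTML entities into Unicode strings: because the decoder does not handle error conditions correctly, the bounds check on a heap-allocated buffer can be effectively bypassed. By exploiting the vulnerability, an attacker can deliver arbitrary data to a specific region of the heap and execute arbitrary instructions with the application's privileges. PHP PHP 5.2.6 PHP PHP 5.2.5 PHP PHP 5.2.4 PHP PHP 5.2.3 PHP PHP 5.2.2 PHP PH...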

10 CVSS | 0.5 AI score | 0.29698 EPSS
Exploits: 2
NVD
added 2008/12/23 6:30 p.m. | 17 views

CVE-2008-5557

Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...

10 CVSS | 9 AI score | 0.29698 EPSS
Exploits: 2 | References: 29
Prion
added 2008/12/23 6:30 p.m. | 28 views

Heap overflow

Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...

10 CVSS | 7.7 AI score | 0.29698 EPSS
Exploits: 2 | References: 29 | Affected Software: 1
CVE
added 2008/12/23 6:13 p.m. | 218 views

CVE-2008-5557

CVE-2008-5557 is a heap-based buffer overflow in PHP’s mbstring extension (mbfilter_htmlent.c) present in PHP 4.3.0–5.2.6. The issue arises during Unicode conversion and can allow a context-dependent attacker to execute arbitrary code via a crafted string containing an HTML entity, related to the...

10 CVSS | 8.1 AI score | 0.29698 EPSS
Exploits: 2 | References: 29 | Affected Software: 1
Cvelist
added 2008/12/23 6:13 p.m. | 28 views

CVE-2008-5557

Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...

8.1 AI score | 0.29698 EPSS
Exploits: 2 | References: 29
FreeBSD
added 2008/12/21 12:0 a.m. | 77 views

php-mbstring -- php mbstring buffer overflow vulnerability

SecurityFocus reports: PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. The issue affects the 'mbstring' extension included in the standard distribution. An attacker can exploit th...

10 CVSS | 7.1 AI score | 0.29698 EPSS
Exploits: 2
Tenable Nessus
added 2008/12/05 12:0 a.m. | 154 views

PHP 5 < 5.2.7 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is prior to 5.2.7. It is, therefore, affected by multiple vulnerabilities: - There is a buffer overflow flaw in the bundled PCRE library that allows a denial of service attack. CVE-2008-2371 - Multiple directory traversal...

10 CVSS | 8.4 AI score | 0.29698 EPSS
Exploits: 19 | References: 27
Tenable Nessus
added 2007/05/25 12:0 a.m. | 36 views

RHEL 5 : php (RHSA-2007:0153)

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...

7.8 CVSS | 7.2 AI score | 0.25606 EPSS
Exploits: 2 | References: 9
Tenable Nessus
added 2007/04/30 12:0 a.m. | 40 views

CentOS 5 : php (CESA-2007:0153)

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...

7.8 CVSS | 7.2 AI score | 0.25606 EPSS
Exploits: 2 | References: 6
Cent OS
added 2007/04/21 1:47 p.m. | 88 views

php security update

CentOS Errata and Security Advisory CESA-2007:0153 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting langua...

7.8 CVSS | 7.1 AI score | 0.25606 EPSS
Exploits: 2 | References: 7
RedHat Linux
added 2007/04/20 9:47 a.m. | 44 views

Moderate: Red Hat Security Advisory: php security update

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...

7.8 CVSS | 7.1 AI score | 0.25606 EPSS
Exploits: 2 | References: 3
RedHat Linux
added 2007/04/16 3:27 p.m. | 64 views

Important: Red Hat Security Advisory: php security update

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

7.8 CVSS | 7.3 AI score | 0.86051 EPSS
Exploits: 10 | References: 3
Cent OS
added 2007/02/19 9:40 p.m. | 77 views

php security update

CentOS Errata and Security Advisory CESA-2007:0076 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...

10 CVSS | 6.4 AI score | 0.16535 EPSS
Exploits: 2 | References: 9