234 matches found
php security update
CentOS Errata and Security Advisory CESA-2007:0076 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
WordPress Trackback Charset Decoding SQL Injection
The version of WordPress on the remote host supports trackbacks in alternate character sets and decodes them after escaping SQL parameters. By specifying an alternate character set and encoding input with that character set while submitting a trackback, an unauthenticated, remote attacker can...
DEBIAN-CVE-2007-0107
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7...
Sql injection
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7...
CVE-2007-0107
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7...
CVE-2007-0107
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7...
CVE-2007-0107
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7...
WordPress Charset解抹SQL注入漏洞
WordPress是一款流行的网络日记程序。 WordPress处理字符集解码存在问题,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 在当PHP的mbstring扩展激活时,WordPress支持使用不同字符集解码Trackback,因为解码发送在数据库为输入数据执行选择正确的字符集之前,因此允许绕过针对SQL注入的保护。 为了演示需要,Stefan Esser建议使用UTF-7字符集来利用,因为其他的多字节字符集允许多字节序列以''结尾。...
CVE-2007-0107
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7...
CVE-2007-0107
Vulnerability: CVE-2007-0107 affects WordPress prior to 2.0.6 when PHP mbstring is enabled. Root cause: mbstring decoding of alternate character sets occurs after escaping SQL, allowing bypass of SQL-injection protections and execution of arbitrary SQL commands (demonstrated with UTF-7). Impact: ...
CVE-2007-0107
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7...
php security update
CentOS Errata and Security Advisory CESA-2006:0669 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
Fedora Core 2 : php-4.3.8-2.1 (2004-223)
This update includes the latest release of PHP 4, including fixes for security issues in memory limit handling CVE-2004-0594, and the striptags function CVE-2004-0595. CVE-2004-0595 is not known to be exploitable in the default configuration if using httpd 2.0.50, but can be triggered if the...
Fedora Core 1 : php-4.3.8-1.1 (2004-222)
This update includes the latest release of PHP 4, including fixes for security issues in memory limit handling CVE-2004-0594, and the striptags function CVE-2004-0595. CVE-2004-0595 is not known to be exploitable in the default configuration if using httpd 2.0.50, but can be triggered if the...