13 matches found

Veracode
added 2020/04/10 12:31 a.m., 29 views

Authorization Bypass

PHP is vulnerable to authorization bypass. A flaw was found in the handling of the "mbstring.func_overload" configuration setting. A value set for one virtual host, or in a user's .htaccess file, was incorrectly applied to other virtual hosts on the same server, causing the handling of multibyte...

CVSS 2.1, AI score 1.9, EPSS 0.00216
Exploits: 2, References: 19, Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m., 23 views

PHP 5.2.5 'mbstring.func_overload' Webserver Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/33542/info PHP is prone to a denial-of-service vulnerability because it fails to limit global scope for certain settings relating to Unicode text operations. Attackers can exploit this issue to crash the affected webserve...

AI score 7.1
Exploits: 0

seebug.org
added 2010/01/08 12:0 a.m., 39 views

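PHP mbstring.func_overload Webserver Local Denial of Service Vulnerability

BUGTRAQ ID: 33542 CVE ID: CVE-2009-0754 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded into HTML. PHP running on Apache allows local users to modify the behavior of other sites hosted on the same web server by changing the mbstring.func_overload setting in .htaccess; the setting is applied to other virtual hosts on the same server, so multibyte strings are not handled correctly. PHP PHP 5.1.6 PHP PHP 4.4.4 Vendor patch: PHP --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://snaps.php.net/...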

CVSS 2.1, AI score 0.2, EPSS 0.00216
Exploits: 2

Tenable Nessus
added 2009/09/24 12:0 a.m., 44 views

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 6069)

Missing bounds checks of an error in the imageRotate function of the gd extension potentially allowed attackers to read portions of memory. CVE-2008-5498 The mbstring.func_overload in .htaccess was applied to other virtual hosts on the same machine. CVE-2009-0754 %NASLMINLEVEL 70300 C Tenable Netwo...

CVSS 5, AI score 7.2, EPSS 0.10269
Exploits: 9, References: 4

Tenable Nessus
added 2009/06/01 12:0 a.m., 39 views

Fedora 10 : maniadrive-1.2-13.fc10 / php-5.2.9-2.fc10 (2009-3768)

Update to PHP 5.2.9 A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2008-5557 A directory...

CVSS 10, AI score 6.3, EPSS 0.29698
Exploits: 15, References: 22

Tenable Nessus
added 2009/04/03 12:0 a.m., 40 views

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-6068)

php 5.1.9 fixes among other things some security issues : - Missing bounds checks of an error in the imageRotate function of the gd extension potentially allowed attackers to read portions of memory CVE-2008-5498. - the mbstring.func_overload in .htaccess was applied to other virtual hosts on th...

CVSS 5, AI score 7.2, EPSS 0.10269
Exploits: 9, References: 2

OpenVAS
added 2009/03/17 12:0 a.m., 33 views

PHP < 4.4.5, 5.1.x < 5.1.7, 5.2.x < 5.2.6 DoS Vulnerability

PHP is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

CVSS 2.1, AI score 6.5, EPSS 0.00216
Exploits: 2, References: 3

OpenVAS
added 2009/03/07 12:0 a.m., 37 views

Mandrake Security Advisory MDVSA-2009:066 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:066. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

CVSS 2.1, AI score 8.2, EPSS 0.00216
Exploits: 2, References: 1

NVD
added 2009/03/03 4:30 p.m., 18 views

CVE-2009-0754

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server...

CVSS 2.1, AI score 8.9, EPSS 0.00216
Exploits: 2, References: 17

Prion
added 2009/03/03 4:30 p.m., 19 views

Code injection

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server...

CVSS 2.1, AI score 6.6, EPSS 0.00216
Exploits: 2, References: 17, Affected Software: 1

Cvelist
added 2009/03/03 4:0 p.m., 21 views

CVE-2009-0754

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server...

AI score 8.4, EPSS 0.00216
Exploits: 2, References: 17

Tenable Nessus
added 2008/08/11 12:0 a.m., 27 views

PHP 4.x < 4.4.9 Multiple Vulnerabilities

Binary data 4620.prm...

CVSS 10, AI score 7.3, EPSS 0.2096
Exploits: 7, References: 11

Tenable Nessus
added 2008/08/08 12:0 a.m., 84 views

PHP < 4.4.9 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is older than 4.4.9. Such versions may be affected by several security issues : - There are unspecified issues in the bundled PCRE library fixed by version 7.7. - A buffer overflow in the 'imageloadfont' function in...

CVSS 7.5, AI score 7.5, EPSS 0.16468
Exploits: 6, References: 9