15 matches found
SUSE CVE-2007-4670
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285...
php malformed cookie handling
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285...
php malformed cookie handling
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285...
openSUSE 10 Security Update : php5 (php5-3753)
The following issues have been fixed in PHP, which were spotted by the MOPB project or fixed in PHP 5.2.3 release: - missing open_basedir and safe_mode restriction CVE-2007-3007 - chunk_split integer overflow CVE-2007-2872 - DoS condition in libgd's image processing CVE-2007-2756 - possible...
FreeBSD : php -- multiple vulnerabilities (71d903fc-602d-11dc-898c-001921ab2fa4)
The PHP development team reports: Security Enhancements and Fixes in PHP 5.2.4: - Fixed a floating point exception inside wordwrap Reported by Mattias Bengtsson - Fixed several integer overflows inside the GD extension Reported by Mattias Bengtsson - Fixed size calculation in chunk_split Reporte...
Code injection
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285...
CVE-2007-4670
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285...
CVE-2007-4670
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285...
CVE-2007-4670
CVE-2007-4670 is not a standalone, validated issue in the Initial CVE entry; connected documents corroborate it as a PHP session cookie handling bug linked to prior PHP updates. Multiple advisories (Oracle Linux RH/ELSA entries, Scientific Linux) enumerate CVE-2007-4670 among a set of PHP issues ...
php -- multiple vulnerabilities
The PHP development team reports: Security Enhancements and Fixes in PHP 5.2.4: - Fixed a floating point exception inside wordwrap Reported by Mattias Bengtsson - Fixed several integer overflows inside the GD extension Reported by Mattias Bengtsson - Fixed size calculation in chunk_split Reported by...
MOPB-44-2007:PHP 5.2.0 Memory Manager Signed Comparision Vulnerability
Summary The new Zend Memory Manager that shipped with PHP 5.2.0 contains a comparison that wrongly casts some numbers to signed integers. Therefore a request for a very large amount of memory will be handled as a negative number and therefore result in only a minimum sized memory block being...
CVE-2007-1711
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...
CVE-2007-1711
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...
MOPB-10-2007:PHP php_binary Session Deserialization Information Leak Vulnerability
Summary The PHP session extension comes with a serialization handler called 'php_binary' that is vulnerable to a heap information leak vulnerability. This security hole is the result of a missing boundary check and allows leaking up to 126 bytes following the serialized data into array keys of the...
PHP 4.5.0 - Unserialize Overflow (Metasploit)
PHP 4.5.0 - Unserialize Overflow Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ requir...