SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6634)
Three security bugs have been fixed in PHP5: potential overflow in _php_stream_scandir (CVE-2012-2688); open_basedir bypass via SQLite extension (CVE-2012-3365); an out of band read SQL denial of service (bnc#769785, CVE-2012-3450). (C) Tenable Network Security,...
SuSE 11.1 Security Update : php5 (SAT Patch Number 6627)
This update fixes two security issues of PHP5: potential overflow in _php_stream_scandir (CVE-2012-2688); open_basedir bypass via SQLite extension (CVE-2012-3365). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11...
FreeBSD : php5-sqlite -- open_basedir bypass (ec255bd8-02c6-11e2-92d1-000d601460a4)
MITRE CVE team reports: The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from th...
FreeBSD Ports: php5-sqlite
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Mandriva Linux Security Advisory : php (MDVSA-2012:108)
Multiple vulnerabilities have been discovered and corrected in php: Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow (CVE-2012-2688). The SQLite...
Possible security risks after open_basedir - vulnerability warning - the black bar safety net
Current PHP site security configuration is essentially open_basedir + safe_mode. It is indeed very strong and very safe; even in an environment where permissions are not set well, this configuration is quite safe, leaving aside, of course, some of the ways it can be bypassed. This article...
PHP security vulnerabilities
_php_stream_scandir overflow, SQLite functionality open_basedir protection bypass...
Mandriva Update for php MDVSA-2012:108 (php)
Check for the Version of php. OpenVAS Vulnerability Test: Mandriva Update for php MDVSA-2012:108 (php). Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
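PHP 5.3.x 'open_basedir' Security Restriction Bypass Vulnerability
BUGTRAQ ID: 54612 CVE ID: CVE-2012-3365 PHP is an HTML-embedded language. PHP is quite similar to Microsoft's ASP: both are server-side scripting languages embedded in HTML documents. Its style resembles the C language, and it is now widely used by many website developers. An error exists in the SQLite extension in PHP versions before 5.3.15 that can be exploited to bypass the "open_basedir" feature. 0 PHP 5.3.x Vendor patch: PHP --- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: http://www.php.net...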
CVE-2012-3365
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors...
Design/Logic Flaw
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors...
PHP 5.3.x < 5.3.15 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.15, and is, therefore, potentially affected by the following vulnerabilities: - An unspecified overflow vulnerability exists in the function '_php_stream_scandir' in the file 'main/streams/streams.c'...
php5-sqlite -- open_basedir bypass
MITRE CVE team reports: The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors...
Fedora 16 : maniadrive-1.2-32.fc16.3 / php-5.3.11-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.3 (2012-6907)
Upstream Security Enhancements: - Fixed bug 54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). CVE-2012-1172. - Add open_basedir checks to readline_write_history and readline_read_history. - Fixed bug 61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831). Upstream...
Fedora 15 : maniadrive-1.2-32.fc15.3 / php-5.3.11-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15.3 (2012-6911)
Upstream Security Enhancements: - Fixed bug 54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). CVE-2012-1172. - Add open_basedir checks to readline_write_history and readline_read_history. - Fixed bug 61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831). Upstream...
Fedora 17 : maniadrive-1.2-38.fc17 / php-5.4.1-1.fc17 (2012-6869)
Upstream Security Enhancements: - Fixed bug 54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). CVE-2012-1172. - Add open_basedir checks to readline_write_history and readline_read_history. Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1 Note that...
PHP < 5.3.11 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities: - During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not handled properly. This can...