
432 matches found

Tenable Nessus
added 2012/05/02 12:0 a.m., 53 views

PHP 5.4.x < 5.4.1 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.1, and, therefore, potentially affected by multiple vulnerabilities: - The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated. CVE-2012-1172 - The...

CVSS 5.8, AI score 8.3, EPSS 0.06365, Exploits 4, References 7
myhack58
added 2012/04/06 12:0 a.m., 101 views

PHP 5.4/5.3 deprecated function eregi() memory_limit bypass vulnerability - vulnerability warning - the black bar safety net

PHP is an HTML-embedded language. Much like Microsoft's ASP, it is a scripting language embedded in HTML documents and executed on the server side; its style resembles C, and it is now widely used by website programmers. Versions after PHP 5.3 deprecated the functions based ...

AI score 7.1, Exploits 0
seebug.org
added 2012/04/01 12:0 a.m., 18 views

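PHP 5.4/5.3 deprecated function eregi() memory_limit bypass vulnerability

PHP is an HTML-embedded language. Much like Microsoft's ASP, it is a scripting language embedded in HTML documents and executed on the server side; its style resembles C, and it is now widely used by website programmers. Versions after PHP 5.3 deprecated the functions based on POSIX regular expressions, but version 5.4.0 still uses these functions, which makes it possible to bypass memory_limit and exhaust memory through eregi. 0 PHP 5.4.0 Vendor patch: PHP --- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page to obtain the latest version: http://www.php.net PoC: 127 cat sym.php ?php...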

AI score 7.1, Exploits 0
FreeBSD
added 2012/03/01 12:0 a.m., 57 views

php -- multiple vulnerabilities

php development team reports: Security Enhancements for both PHP 5.3.11 and PHP 5.4.1: Insufficient validating of upload name leading to corrupted $_FILES indices. CVE-2012-1172 Add open_basedir checks to readline_write_history and readline_read_history. Security Enhancements for both PHP 5.3.11 only:...

CVSS 6.8, AI score 6.8, EPSS 0.06709, Exploits 4, References 1
Tenable Nessus
added 2011/11/18 12:0 a.m., 209 views

PHP Symlink Function Race Condition open_basedir Bypass

According to its banner, the version of PHP installed on the remote host is affected by a security bypass vulnerability. A race condition exists in the symlink function that allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions...

CVSS 6.2, AI score 5.5, EPSS 0.00635, Exploits 1, References 2
Tenable Nessus
added 2011/11/18 12:0 a.m., 78 views

PHP 5.1.x < 5.1.5 Multiple Vulnerabilities

According to its banner, the version of PHP 5.x installed on the remote host is older than 5.1.5. Such versions may be affected by the following vulnerabilities: - The c-client library 2000, 2001, or 2004 for PHP does not check the safe_mode or open_basedir functions. CVE-2006-1017 - A buffer...

CVSS 10, AI score 8.5, EPSS 0.06357, Exploits 2, References 9
Gentoo Linux
added 2011/10/10 12:0 a.m., 112 views

PHP: Multiple vulnerabilities

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A...

CVSS 10, AI score 8.1, EPSS 0.22724, Exploits 94
The Hacker News
added 2011/02/26 5:15 p.m., 12 views

TeaMp0isoN Shell - Private Build [BETA] - v0.1 Download !

TeaMp0isoN Shell - Private Build BETA - v0.1 Download ! Features - Mass Defacement Tool - Safe Mode Bypass - OpenBasedir Bypass - Fixed SQL managed - FTP Brute Force Tool - Fully Undetected Download : Link Removed- Reason: Backdoor News Source : TeaMp0isoN...

AI score 7.6, Exploits 0
OpenVAS
added 2011/01/24 12:0 a.m., 30 views

FreeBSD Ports: php5

The remote host is missing an update to the system as announced in the referenced advisory. VID 73634294-0fa7-11e0-becc-0022156e8794 OpenVAS Vulnerability Test $ Description: Auto generated from VID 73634294-0fa7-11e0-becc-0022156e8794 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

CVSS 5, AI score 6.8, EPSS 0.0632, Exploits 0
OpenVAS
added 2011/01/24 12:0 a.m., 29 views

FreeBSD Ports: php5

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 5, AI score 7.7, EPSS 0.0632, Exploits 0, References 1
OpenVAS
added 2011/01/14 12:0 a.m., 55 views

Ubuntu Update for php5 vulnerabilities USN-1042-1

Ubuntu Update for Linux kernel vulnerabilities USN-1042-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10421.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for php5 vulnerabilities USN-1042-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...

CVSS 6.8, AI score 0.1, EPSS 0.18878, Exploits 16, References 2
Tenable Nessus
added 2011/01/14 12:0 a.m., 47 views

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : php5 regression (USN-1042-2)

USN-1042-1 fixed vulnerabilities in PHP5. The fix for CVE-2010-3436 introduced a regression in the open_basedir restriction handling code. This update fixes the problem. We apologize for the inconvenience. It was discovered that attackers might be able to bypass open_basedir restrictions by passing...

CVSS 5, AI score 6.9, EPSS 0.0632, Exploits 0, References 2
OpenVAS
added 2011/01/14 12:0 a.m., 44 views

Ubuntu: Security Advisory (USN-1042-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 7.8, EPSS 0.0632, Exploits 0, References 3
OpenVAS
added 2011/01/14 12:0 a.m., 50 views

Ubuntu: Security Advisory (USN-1042-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 8.2, EPSS 0.18878, Exploits 16, References 2
Ubuntu
added 2011/01/13 4:24 a.m., 74 views

USN-1042-2: PHP5 regression

USN-1042-1 fixed vulnerabilities in PHP5. The fix for CVE-2010-3436 introduced a regression in the open_basedir restriction handling code. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that attackers might be able to bypass...

AI score 7, Exploits 0, References 1
securityvulns
added 2011/01/13 12:0 a.m., 83 views

[USN-1042-1] PHP vulnerabilities

=========================================================== Ubuntu Security Notice USN-1042-1 January 11, 2011 php5 vulnerabilities CVE-2009-5016, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4156, CVE-2010-4409, CVE-2010-4645...

CVSS 6.8, AI score 0.4, EPSS 0.18878, Exploits 16
Tenable Nessus
added 2011/01/13 12:0 a.m., 37 views

FreeBSD : php -- open_basedir bypass (73634294-0fa7-11e0-becc-0022156e8794)

MITRE reports: fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...

CVSS 5, AI score 7, EPSS 0.0632, Exploits 0, References 2
Tenable Nessus
added 2011/01/12 12:0 a.m., 309 views

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : php5 vulnerabilities (USN-1042-1)

It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting XSS protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. CVE-2009-5016 It was discovered that the XML UTF-8 decoding code did not...

CVSS 6.8, AI score 7.1, EPSS 0.18878, Exploits 16, References 9
Ubuntu
added 2011/01/11 11:57 p.m., 98 views

USN-1042-1: PHP vulnerabilities

It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting XSS protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. CVE-2009-5016 It was discovered that the XML UTF-8 decoding code did not...

CVSS 6.8, AI score 7.2, EPSS 0.18878, Exploits 16
Tenable Nessus
added 2011/01/05 12:0 a.m., 49 views

Fedora 14 : maniadrive-1.2-23.fc14 / php-5.3.4-1.fc14.1 / php-eaccelerator-0.9.6.1-3.fc14 (2010-18976)

Security Enhancements and Fixes in PHP 5.3.4 : - Fixed crash in zip extract method possible CWE-170. - Paths with NULL in them foo\0bar.txt are now considered as invalid CVE-2006-7243. - Fixed a possible double free in imap extension Identified by Mateusz Kocielski. CVE-2010-4150. - Fixed NULL...

CVSS 6.8, AI score 7.4, EPSS 0.18878, Exploits 18, References 18