
432 matches found

OpenVAS
added 2010/07/12 12:0 a.m., 20 views

Mandriva Update for php-eaccelerator MDVA-2010:166-1 (php-eaccelerator)

Check for the Version of php-eaccelerator. OpenVAS Vulnerability Test: Mandriva Update for php-eaccelerator MDVA-2010:166-1 (php-eaccelerator). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

7.4 AI score
Exploits: 0, References: 2
Tenable Nessus
added 2010/07/01 12:0 a.m., 15 views

Fedora 11 : maniadrive-1.2-18.fc11 / php-5.2.13-1.fc11 (2010-4114)

This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related, including: Fixed safe_mode validation inside tempnam when the directory path does not end with a /. Fixed a possible open_basedir/safe_mode bypass in the sessio...

5.6 AI score
Exploits: 0, References: 4
Tenable Nessus
added 2010/07/01 12:0 a.m., 12 views

Fedora 12 : maniadrive-1.2-21.fc12 / php-5.3.2-1.fc12 (2010-4212)

This is a maintenance release in the 5.3 series, which includes a large number of bug fixes. Security Enhancements and Fixes in PHP 5.3.2: - Improved LCG entropy. (Rasmus, Samy Kamkar) - Fixed safe_mode validation inside tempnam when the directory path does not end with a /. (Martin Jansen) - Fixed a...

5.6 AI score
Exploits: 0, References: 4
OpenVAS
added 2010/06/18 12:0 a.m., 13 views

Mandriva Update for php-eaccelerator MDVA-2010:166 (php-eaccelerator)

Check for the Version of php-eaccelerator. OpenVAS Vulnerability Test: Mandriva Update for php-eaccelerator MDVA-2010:166 (php-eaccelerator). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribut...

7.1 AI score
Exploits: 0, References: 2
OpenVAS
added 2010/06/18 12:0 a.m., 17 views

Mandriva Update for php-eaccelerator MDVA-2010:166 (php-eaccelerator)

Check for the Version of php-eaccelerator. OpenVAS Vulnerability Test: Mandriva Update for php-eaccelerator MDVA-2010:166 (php-eaccelerator). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribut...

7.4 AI score
Exploits: 0, References: 2
UbuntuCve
added 2010/05/27 10:30 p.m., 31 views

CVE-2010-2100

The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function,...

5 CVSS, 5.9 AI score, 0.02047 EPSS
Exploits: 5, References: 6
UbuntuCve
added 2010/05/12 12:0 a.m., 30 views

CVE-2010-1914

The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the...

5 CVSS, 5.9 AI score, 0.01427 EPSS
Exploits: 1, References: 6
UbuntuCve
added 2010/05/07 11:0 p.m., 22 views

CVE-2010-1861

The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource...

6.4 CVSS, 6 AI score, 0.01004 EPSS
Exploits: 1, References: 3
UbuntuCve
added 2010/05/07 11:0 p.m., 28 views

CVE-2010-1862

The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature...

5 CVSS, 5.9 AI score, 0.01189 EPSS
Exploits: 1, References: 3
Prion
added 2010/03/26 8:30 p.m., 19 views

Design/Logic Flaw

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ;...

5 CVSS, 7 AI score, 0.09296 EPSS
Exploits: 1, References: 11, Affected Software: 1
NVD
added 2010/03/26 8:30 p.m., 23 views

CVE-2010-1130

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ;...

5 CVSS, 9.5 AI score, 0.09296 EPSS
Exploits: 1, References: 11
Cvelist
added 2010/03/26 8:0 p.m., 25 views

CVE-2010-1130

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ;...

9.5 AI score, 0.09296 EPSS
Exploits: 1, References: 11
CVE
added 2010/03/26 8:0 p.m., 138 views

CVE-2010-1130

CVE-2010-1130 affects PHP’s session extension: in session.c, PHP versions before 5.2.13 and 5.3.1 fail to interpret semicolon characters properly in the session_save_path argument, enabling a context-dependent attacker to bypass open_basedir and safe_mode restrictions through an argument containi...

5 CVSS, 9.3 AI score, 0.09296 EPSS
Exploits: 1, References: 11, Affected Software: 1
UbuntuCve
added 2010/03/26 12:0 a.m., 31 views

CVE-2010-1130

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ;...

5 CVSS, 5.7 AI score, 0.09296 EPSS
Exploits: 1, References: 2
OpenVAS
added 2010/03/12 12:0 a.m., 7 views

Mandriva Update for php MDVSA-2010:058 (php)

Check for the Version of php. OpenVAS Vulnerability Test: Mandriva Update for php MDVSA-2010:058 (php). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

0.1 AI score
Exploits: 0, References: 2
seebug.org
added 2010/03/04 12:0 a.m., 32 views

PHP session_save_path() safe_mode and open_basedir Restriction Bypass Vulnerability

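BUGTRAQ ID: 38182 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. Users can set session.save_path through the ini_set and session_save_path functions. session.save_path should contain a path where the user's tmp files are saved, but the syntax of session.save_path is: /PATH or N;/PATH where N can be a string (it should be a number). For example: 1. session_save_path("/DIR/WHERE/YOU/HAVE/ACCESS") 2. session_save_path("5;/DIR/WHERE/YOU/HAVE/ACCESS...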

7 AI score
Exploits: 0
Tenable Nessus
added 2010/02/26 12:0 a.m., 60 views

PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is older than 5.3.2 / 5.2.13. Such versions may be affected by several security issues: - Directory paths not ending with '/' may not be correctly validated inside 'tempnam' in 'safe_mode' configuration. - It may be possible...

7.5 CVSS, 5.6 AI score, 0.09296 EPSS
Exploits: 2, References: 10
Packet Storm
added 2010/02/12 12:0 a.m., 19 views

PHP 5.2.12 / 5.3.1 safe_mode / open_basedir Bypass

PHP 5.2.12/5.3.1 session.save_path safe_mode and open_basedir bypass. Credit: Grzegorz Stachowiak. Provided by: SecurityReason.com. Date: - Written: 31.01.2010 - Public: 11.02.2010. SecurityRisk: Medium. Affected Software: PHP 5.2.12, PHP 5.3.1. Advisory URL:...

Exploits: 0
myhack58
added 2010/01/24 12:0 a.m., 19 views

PHP 5.2.11/5.3.0 multiple vulnerabilities-vulnerability warning-the black bar safety net

? php / PHP 5.2.11/5.3.0 symlink openbasedir bypass by Maksymilian Arciemowicz cxib a. T securityreason d0t com CHUJWAMWMUZG / $fakedir="cx"; $fakedep=1 6; $num=0; // offset of symlink.$ num if! empty$GET'file' $file=$GET'file'; else if! empty$POST'file' $file=$POST'file'; else $file=""; echo...

Exploits: 0
securityvulns
added 2010/01/08 12:0 a.m., 59 views

PHP multiple security vulnerabilities

safe_mode bypass, open_basedir bypass, memory corruption...

10 CVSS, 1.8 AI score, 0.06497 EPSS
Exploits: 7, References: 1, Affected Software: 1