Lucene search

11 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2015-4053

Malware in sbrugna...

CVSS 7.5 | AI score 8.5 | EPSS 0.07947
Exploits: 1 | References: 27

SUSE CVE
added 2023/02/15 5:18 a.m. | 2 views

SUSE CVE-2015-4025

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to 1...

CVSS 7.4 | AI score 7.8 | EPSS 0.07947
Exploits: 1 | References: 4

Debian
added 2016/02/29 6:41 p.m. | 48 views

[SECURITY] [DLA 444-1] php5 security update

Package : php5 Version : 5.3.3.1-7+squeeze29 CVE ID : CVE-2015-2305 CVE-2015-2348 CVE-2015-2305 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow...

CVSS 6.8 | AI score 8.8 | EPSS 0.22421
Exploits: 5

Prion
added 2015/06/09 6:59 p.m. | 40 views

Code injection

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to 1...

CVSS 7.5 | AI score 7 | EPSS 0.07947
Exploits: 2 | References: 16 | Affected Software: 9

CVE
added 2015/06/09 6:00 p.m. | 259 views

CVE-2015-4026

The CVE-2015-4026 issue affects PHP prior to 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9. The pcntl_exec implementation truncates a pathname when it hits a null byte (\x00), which may allow remote attackers to bypass extension restrictions and execute files with unintended names via a cra...

CVSS 7.5 | AI score 8.2 | EPSS 0.03374
Exploits: 2 | References: 18 | Affected Software: 1

CVE
added 2015/06/09 6:00 p.m. | 259 views

CVE-2015-4025

CVE-2015-4025 affects PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9. It truncates a pathname when a NULL byte is encountered in certain calls (set_include_path, tempnam, rmdir, readlink), allowing bypass of extension restrictions and access to files/dirs with unexpected names. Th...

CVSS 7.5 | AI score 8.1 | EPSS 0.07947
Exploits: 1 | References: 16 | Affected Software: 1

UbuntuCve
added 2015/06/09 12:00 a.m. | 43 views

CVE-2015-4026

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument...

CVSS 7.5 | AI score 7.2 | EPSS 0.03374
Exploits: 2 | References: 2

NVD
added 2015/03/30 10:59 a.m. | 34 views

CVE-2015-2348

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected...

CVSS 5 | AI score 7.7 | EPSS 0.05553
Exploits: 2 | References: 18

OSV
added 2011/01/14 6:00 p.m. | 0 views

UBUNTU-CVE-2010-4695

A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories...

CVSS 5 | AI score 5.9 | EPSS 0.00538
Exploits: 1 | References: 2

Cvelist
added 2002/06/11 4:00 a.m. | 22 views

CVE-2002-0499

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories...

AI score 6.2 | EPSS 0.00461
Exploits: 1 | References: 5

CVE
added 2002/06/11 4:00 a.m. | 48 views

CVE-2002-0499

The CVE relates to the Linux kernel vulnerability where the d_path function truncates long pathnames without error in Linux kernel versions 2.2.20 and earlier, and 2.4.18 and earlier. This behavior can let local users cause programs to operate on incorrect directories, potentially enabling i...

CVSS 2.1 | AI score 6.6 | EPSS 0.00461
Exploits: 1 | References: 5 | Affected Software: 1