[SECURITY] [DSA-2089-1] New php5 packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-2089-1 [email protected] http://www.debian.org/security/ Raphael Geissert August 6, 2010 http://www.debian.org/security/faq -...

PHP 5.x < 5.3.3 Information Disclosure Vulnerability

PHP is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

CVE-2010-2100

The 1 htmlentities, 2 htmlspecialchars, 3 strgetcsv, 4 httpbuildquery, 5 strpbrk, and 6 strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents by causing a userspace interruption of an internal function,...

Debian DSA-1940-1 : php5 - multiple issues

Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems : The following issues have been fixed in both the stable lenny and the oldstable etch distributions : - CVE-2009-2687...

[SECURITY] [DSA-1940-1] New php5 packages fix several issues

------------------------------------------------------------------------ Debian Security Advisory DSA-1940-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 25, 2009 http://www.debian.org/security/faq -...

CVE-2009-1960

CVE-2009-1960 affects DokuWiki (versions including 2009-02-14 and earlier rc revisions) where inc/init.php is vulnerable when register_globals is enabled. The flaw allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php, a...

Dokuwiki 2009-02-14 File Inclusion

Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit tested and working I was reading: http://www.milw0rm.com/exploits/8781 by girex quote It's not a RFI couse use of fileexists function. /quote How wrong brother! trick 1 ftp:// wrapper with php 5: needs registerglobals = on allowurlfopen ...

Dokuwiki 2009-02-14 - Temporary/Remote File Inclusion

Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit tested and working I was reading: http://www.milw0rm.com/exploits/8781 by girex quote It's not a RFI couse use of fileexists function. /quote How wrong brother! trick 1 ftp:// wrapper with php 5: needs registerglobals = on allowurlfopen ...

Debian Security Advisory DSA 1789-1 (php5)

The remote host is missing an update to php5 announced via advisory DSA 1789-1. OpenVAS Vulnerability Test $Id: deb17891.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1789-1 php5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Debian: Security Advisory (DSA-1789-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PHPizabi v0.848b C1 HFP1-3 Remote Command Execution Exploit

No description provided by source. !/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires registerglobals = on. I saw the GLOBAL keyword, and actually...

PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution

PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution !/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires registerglobals = on. I saw the GLOBAL...

Facil-CMS 0.1RC2 Multiple Remote Vulnerabilities

No description provided by source. Script Facil-CMS 0.1RC2 +download: http://sourceforge.net/project/platformdownload.php?groupid=217673 DORK inurl:modules.php?modload=News Copyright C 2008 by FacilCMS.org inurl: /facil-cms/ Author any.zicky Contact Me anydotzickyatgmaildotcom ; About Facil CMS i...

Facil-CMS 0.1RC2 - Multiple Vulnerabilities

Facil-CMS 0.1RC2 - Multiple Vulnerabilities Script Facil-CMS 0.1RC2 +download: http://sourceforge.net/project/platformdownload.php?groupid=217673 DORK inurl:modules.php?modload=News Copyright C 2008 by FacilCMS.org inurl: /facil-cms/ Author any.zicky Contact Me anydotzickyatgmaildotcom ; About...

Facil-CMS 0.1RC2 - Multiple Vulnerabilities

Script Facil-CMS 0.1RC2 +download: http://sourceforge.net/project/platformdownload.php?groupid=217673 DORK inurl:modules.php?modload=News Copyright C 2008 by FacilCMS.org inurl: /facil-cms/ Author any.zicky Contact Me anydotzickyatgmaildotcom ; About Facil CMS is a Free and Open Source Project fo...

PHP 5.x < 5.2.9 Multiple Vulnerabilities

Binary data 4943.prm...

CVE-2008-5625

PHP 5 before 5.2.7 does not enforce the errorlog safemode restrictions when safemode is enabled through a phpadminflag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "phpvalue errorlog" entry in a .htaccess file...

CVE-2008-5625

PHP 5 before 5.2.7 does not enforce the errorlog safemode restrictions when safemode is enabled through a phpadminflag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "phpvalue errorlog" entry in a .htaccess file...

CVE-2008-5625

PHP 5 before 5.2.7 is affected by CVE-2008-5625: when safe_mode is enabled via php_admin_flag in httpd.conf, error_log restrictions are not enforced, allowing context-dependent attackers to write to arbitrary files by placing a php_value error_log entry in .htaccess. The vulnerability arises from...

CVE-2008-5624

CVE-2008-5624 affects PHP 5 before 5.2.7 where page_uid/page_gid globals were not properly initialized for php_getuid, enabling context-dependent attackers to bypass safe_mode via error_log settings. The public record in the initial description confirms the vulnerability and its impact on permiss...