CVE-2019-9022

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...

Internet Bug Bounty: null pointer dereference in imap_mail

in imapmail if message args is null, in phpimapmail no check wheater message can get, so crash. fprintfsendmail, "\n%s\n", message; /usr/local/php/bin/php ./craxxx.php Warning: imapmail: No message string in mail command in /home/fan/github/php-7.2.10/myselffuzz/craxxx.php on line 3 sh: 1: -t: no...

[SECURITY] [DLA 818-1] php5 security update

Package : php5 Version : 5.4.45-0+deb7u7 CVE ID : CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-4342 CVE-2016-9934 CVE-2016-9935 CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 PHP-Bugs : 71323 70979 71039 71459 71391 71335 Several issues have been discovered in PHP recursive...

CVE-2014-3480

The cdfcountchain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...

DSA-2408-1 php5 - several

Bulletin has no description...

Ubuntu Update for php5 vulnerabilities USN-455-1

Ubuntu Update for Linux kernel vulnerabilities USN-455-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4551.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for php5 vulnerabilities USN-455-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

Ubuntu: Security Advisory (USN-455-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3978)

This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3979)

This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3288)

This Update fixes numerous vulnerabilities in PHP. Most of them were made public during the 'Month of PHP Bugs'. The vulnerabilities potentially lead to crashes, information leaks or even execution of malicious code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

PHP: Multiple vulnerabilities

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs MOPB by Stefan Esser. The most severe of these...

PHP classical bugs in phpBB allows remote code execution

Uninitialized PHP variables and ability to modify SQL query allow to execute code on server. Crossite scripting. Invalid NULL-byte handling leads to DoS...