10 matches found

Tenable Nessus
added 2026/01/13 12:0 a.m., 2 views

MiracleLinux 7 : php-5.4.16-48.0.10.el7.AXS7 (AXSA:2025-10839:09)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10839:09 advisory. CVE-2025-1736: fix incorrect validation of CRLF in http headers. CVEs: CVE-2025-1736. In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* befor...

CVSS 7.3, AI score 6.4, EPSS 0.00546
Exploits: 0, References: 2

OSV
added 2025/03/30 6:15 a.m., 1 views

AZL-59334 CVE-2025-1734 affecting package php for versions less than 8.3.19-1

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...

CVSS 6.3, AI score 6.7, EPSS 0.00757
Exploits: 0, References: 1

CVE
added 2025/03/30 5:49 a.m., 1513 views

CVE-2025-1736

CVE-2025-1736 affects PHP 8.1.x before 8.1.32, 8.2.x before 8.2.28, 8.3.x before 8.3.19, and 8.4.x before 8.4.5. The issue is caused by insufficient validation of end-of-line characters in user-supplied headers, which may prevent certain headers from being sent or cause headers to be misinterpret...

CVSS 7.3, AI score 6.2, EPSS 0.00546
Exploits: 0, References: 3, Affected Software: 1

SUSE Linux
added 2025/03/25 12:47 p.m., 2 views

Security update for php8

This update for php8 fixes the following issues: CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers (bsc#1239664); CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666); CVE-2025-1219: Fixed libxml streams using wrong...

CVSS 7.3, AI score 5.9, EPSS 0.0103
Exploits: 3, References: 24

RedHat Linux
added 2015/06/04 8:2 a.m., 0 views

php: HTTP response splitting in header() function

The header PHP function allowed header strings containing a line break followed by a space or tab, as allowed by RFC 2616. Certain browsers handled the continuation line as a new header, making it possible to conduct an HTTP response splitting attack against such browsers. The header function was updat...

CVSS 6.1, AI score 7.2, EPSS 0.01115
Exploits: 0, References: 4

Prion
added 2012/09/07 10:55 p.m., 21 views

Design/Logic Flaw

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improp...

CVSS 4.3, AI score 6.7, EPSS 0.07905
Exploits: 2, References: 11, Affected Software: 3

Packet Storm
added 2007/07/24 12:0 a.m., 24 views

minb-db.txt

Minb Is Not A Blog default password directory http://sourceforge.net/projects/minb Via looking in a default directory, any user can access the users.db file which contains the username and encrypted password of the person running the board. Try it for your self: www.example.com/minb/db/users.db T...

AI score 7.4
Exploits: 0

seebug.org
added 2007/03/21 12:0 a.m., 32 views

PHP 5.2.0 header() Space Trimming Buffer Underflow Exploit (MacOSX)

No description provided by source.

AI score 7.1
Exploits: 0

exploitpack
added 2002/09/07 12:0 a.m., 23 views

PHP 4.2.3 - Header Function Script Injection

PHP 4.2.3 - Header Function Script Injection source: https://www.securityfocus.com/bid/5669/info PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems. It has been reported that a vulnerability in the PHP...

AI score 0.5
Exploits: 0

Exploit DB
added 2002/09/07 12:0 a.m., 24 views

PHP 4.2.3 - Header Function Script Injection

source: https://www.securityfocus.com/bid/5669/info PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems. It has been reported that a vulnerability in the PHP header function exists. It may be possible for ...

AI score 7.4
Exploits: 0