53 matches found
Fedora Update for mantis FEDORA-2008-6647
Check for the Version of mantis OpenVAS Vulnerability Test Fedora Update for mantis FEDORA-2008-6647 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
[Full-disclosure] PHP 5.2.6 chdir(), ftok() (standard ext) safe_mode bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.6 chdir,ftok standard ext safemode bypass Author: Maksymilian Arciemowicz cXIb8O3 securityreason.com Date: - - Written: 10.05.2008 - - Public: 17.06.2008 SecurityReason Research SecurityAlert Id: 55 CVE: CVE-2008-2666 CWE: CWE-264 SecurityRisk...
Mandrake Linux Security Advisory : php (MDKSA-2007:187)
Numerous vulnerabilities were discovered in the PHP scripting language that are corrected with this update. An integer overflow in the substrcompare function allows context-dependent attackers to read sensitive memory via a large value in the length argument. This only affects PHP5 CVE-2007-1375....
PHP 4.4.7/5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass
Affected Products: Philip Olausson Reported: 2007-06-05 Released: 2007-08-30 CVE: CVE-2007-3997 Issue: A vulnerability exists in PHP's MySQL and MySQLi extenstions which can be used to bypass PHP's safemode security restriction. Description: PHP is a widely-used general-purpose scripting language...
Modify the PHP core Backdoor implementation-vulnerability warning-the black bar safety net
Developing A PHP Core Backdoor Author: wofeiwo/I non-I wofeiwoatgmaildotcom Directory 1Foreword 2The advantages and disadvantages of 3design 4functions to achieve 5reference to documents 6some description 1Foreword PHP is a very popular web server side script language. At present, many web...
SUSE-SA:2006:067: php4,php5
The remote host is missing the patch for the advisory SUSE-SA:2006:067 php4,php5. This update fixes the following security problems in the PHP scripting language: - CVE-2006-5465: Various buffer overflows in htmlentities / htmlspecialchars internal routines could be used to crash the PHP...
[BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 --------------------------------------------------- | BuHa Security-Advisory 7 | Feb 14th, 2006 | --------------------------------------------------- | Vendor | Mantis BT | | URL | http://www.mantisbt.org/ | | Version | = Mantis 1.00rc4 | | Risk ...
iDEFENSE Security Advisory 03.31.05: PHP getimagesize() Multiple Denial of Service Vulnerabilities
PHP getimagesize Multiple Denial of Service Vulnerabilities iDEFENSE Security Advisory 03.31.05 www.idefense.com/application/poi/display?id=222&type=vulnerabilities March 31, 2005 I. BACKGROUND PHP is a widely-used general-purpose scripting language that is especially suited for Web development a...
[Full-Disclosure] iDEFENSE Security Advisory 06.07.04: PHP Win32 escapeshellcmd() and escapeshellarg() Input Validation Vulnerability
PHP Win32 escapeshellcmd and escapeshellarg Input Validation Vulnerability iDEFENSE Security Advisory 06.07.04: www.idefense.com/application/poi/display?id=108&type=vulnerabilities June 7, 2004 I. BACKGROUND PHP is a widely-used general-purpose scripting language that is especially suited for Web...
PHP fails to filter ASCII control characters from string arguments of mail() function
Overview PHP does not properly filter parameters to its mail function. Description PHP is a scripting language widely used in web application development. PHP includes a function called mail that takes message parameters such as recipient address and sends mail using sendmail. PHP does not filter...
Php variables passed from the browser are stored in global context
Overview Php is a dynamic scripting language used by programmers to develop webservers, message boards, chat applications and a variety of programs. By default php stores variables passed from the URL in a global context. Programmers often fail to change this setting which can allow serious...
PHP remote format string vulnerabilities
OVERVIEW PHP is a commonly used HTML-embedded scripting language. Format string vulnerabilities exist in the error logging routines of PHP versions 3 and 4, allowing remote users to execute arbitrary code under the web server's user id. A web server having PHP installed and one or more PHP script...
PHP 3.04.0 - Error Logging Format String
PHP 3.04.0 - Error Logging Format String // source: https://www.securityfocus.com/bid/1786/info PHP is a scripting language designed for CGI applications that is used on many websites. There exists a remotely exploitable format string vulnerability in all versions of PHP below PHP 4.0.3. The...