654 matches found
MGASA-2013-0172 Updated php packages fix security vulnerabilities
Heap-based buffer overflow in quoted_printable_encode in PHP before version 5.4.16 (CVE-2013-2110). Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service applicati...
mod_security
This evasion plugin performs a bypass for modsecurity version 2.1.0 or less here: http://www.php-security.org/MOPB/BONUS-12-2007.html Important: The evasion only works for postdata. Example: Post-data Input: a=b Post-data Output : \x00a=b Plugin type Evasion Options This plugin doesn't have any us...
phpcms 2008 /yp/job.php SQL injection vulnerability
No description provided by source...
PHPCMS V9 WAP module injection vulnerability-vulnerability warning-the black bar safety net
A variable is passed through urldecode and written to the database without effective filtering, resulting in injection. Detailed description: Vulnerability proof: File location: /phpcms/modules/wap/index.php Vulnerable function: commentlist Unfiltered parameter: $_GET['commentid'] Trigger...
Scientific Linux Security Update : php on SL4.x i386/x86_64
It was discovered that the PHP escapeshellcmd function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd and execute arbitrary commands if the PHP script was usi...
Moderate: Red Hat Security Advisory: php53 security update
Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Joomla Szallasok SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla Component comszallasok SQL Injection Vulnerability Author : CoBRa21 E-Mail : cobra21 at hotmail.com.tr Google Dork : inurl:comszallasok Status : High-Risk SQL Vulnerability...
PHP 5.3.x < 5.3.13 CGI Query String Code Execution
Binary data 6494.prm...
PHP multiple security vulnerabilities
DoS conditions, code execution, SQL injections...
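PHP 5.4.3 multiple null pointer dereference denial-of-service vulnerabilities
BUGTRAQ ID: 53643 PHP is an HTML-embedded language. PHP is quite similar to Microsoft's ASP: both are server-side scripting languages embedded in HTML documents. Its style resembles the C language, and it is now widely used by many website developers. Versions before PHP 5.4.3 contain multiple denial-of-service vulnerabilities caused by null pointer dereferences in their implementation; attackers can exploit these vulnerabilities to crash the application. 0 PHP 5.4.3 Vendor patch: PHP --- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.php.net ?php / PHP = 5.4.3 wddxserialize /...
PHP <= 5.4.3 wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Dereference
No description provided by source. ?php / PHP = 5.4.3 wddxserialize / streambucket Variant Object Null Ptr Dereference Author : condis Date : 10.04.2012 AD Website : http://cond.psychodela.pl ---- Download : http://php.net/downloads.php Tested on: PHP 5.3.8 + Windows XP SP3 Professional PL PHP...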
php -- multiple vulnerabilities
The PHP Development Team reports: The release of PHP 5.4.13 and 5.4.3 complete a fix for the vulnerability in CGI-based setups as originally described in CVE-2012-1823. CVE-2012-2311 Note: mod_php and php-fpm are not vulnerable to this attack. PHP 5.4.3 fixes a buffer overflow vulnerability in the...
Serious Remote PHP Bug Accidentally Disclosed
A serious remote-code execution vulnerability in PHP was accidentally disclosed Wednesday, leading to fears of an outbreak of attacks on sites that were built using vulnerable versions of PHP. The bug has been known privately since January when a team of researchers used it in a capture the flag...
update for php5 (important)
php5 security update...
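PHP 'magic_quotes_gpc' security bypass vulnerability (CVE-2012-0831)
Bugtraq ID: 51954 CVE ID: CVE-2012-0831 PHP contains a security vulnerability that allows magic_quotes_gpc to be disabled remotely, which allows remote attackers to bypass restrictions that prevent SQL injection 0 PHP 5.3.8 PHP 5.3.7 PHP 5.3.6 PHP 5.3.2 PHP 5.2.4 PHP 5.3.5 PHP 5.3.4 PHP 5.3.3 Vendor solution: Users can refer to the following vendor security advisory for patch information: https://bugs.php.net/bug.php?id=61043...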
Debian Security Advisory DSA 2403-1 (php5)
The remote host is missing an update to php5 announced via advisory DSA 2403-1. OpenVAS Vulnerability Test $Id: deb24031.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2403-1 php5 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
CVE-2012-0057
CVE-2012-0057 affects PHP up to version 5.3.8 (prior to 5.3.9), where improper libxslt security settings allow remote attackers to create arbitrary files via a crafted XSLT stylesheet using the libxslt output extension. The connected advisories confirm this vulnerability across multiple distribut...
php53 security update
5.3.3-1.6 - add security fix for CVE-2012-0830 786757...
php security update
5.3.3-3.6 - add security fix for CVE-2012-0830 786743...
DSA-2403-1 php5 - code injection
Bulletin has no description...