3 matches found
security flaw
The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value...
php unserialize
SEC-CONSULT Security Advisory: PHP - 4.3.9 unserialize function. Product: PHP 4.3.9 Win32/Unix. Remarks: no other Versions tested but very likely vulnerable. Vulnerabilities: -...
PHP rfc1867.c $_FILES Array Crafted MIME Header Arbitrary File Upload
The remote host is running a version of PHP that is older than 4.3.9 or 5.0.2. The remote version of this software is affected by an unspecified file upload vulnerability that could allow a local attacker to upload arbitrary files to the server. This flaw can only be exploited locally...