PT-2007-4176 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.2.3 PHP versions prior to 4.4.8 Description: The issue is related to multiple integer overflows in the chunk split function. This can be exploited by remote attackers to cause a denial of service crash or execute...

security flaw

Multiple integer overflows in the 1 createwbmp and 2 readwbmp functions in wbmp.c in the GD library libgd in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap WBMP images with large width or height values...

security flaw

The mbparsestr function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal registerglobals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with registerglobals functionality that is not...

security flaw

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service stack exhaustion and PHP crash via deeply nested arrays, which trigger deep recursion in the variable destruction routines...

security flaw

Multiple integer overflows in the 1 createwbmp and 2 readwbmp functions in wbmp.c in the GD library libgd in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap WBMP images with large width or height values...

security flaw

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service stack exhaustion and PHP crash via deeply nested arrays, which trigger deep recursion in the variable destruction routines...

security flaw

Multiple integer overflows in the 1 createwbmp and 2 readwbmp functions in wbmp.c in the GD library libgd in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap WBMP images with large width or height values...

php session extension global variable clobber

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when registerglobals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling sessiondecode on a string beginning with...

php session extension information leak

The phpbinary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information memory contents via a serialized variable entry with a large length value, which triggers a buffer over-read...

php imap_mail_compose() buffer overflow via type.parameters

Buffer overflow in the imapmailcompose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3...

KISGB (Keep It Simple Guest Book)* [default_path_for_themes] Remote File Include

KISGB Keep It Simple Guest Book defaultpathforthemes Remote File Include +class : Remote File Include Vulnerability + +download link : http://phpnuke-downloads.com/modules.php?name=Downloads&dop=nsgetit&cid=14&lid=156&type=urlget +Author : mdx +Files : +authenticate.php? +code : + +if...

KISGB <= 5.1.1 (authenticate.php) Remote File Include Vulnerability

No description provided by source. KISGB Keep It Simple Guest Book defaultpathforthemes Remote File Include +class : Remote File Include Vulnerability + +download link : http://phpnuke-downloads.com/modules.php?name=Downloads&dop=nsgetit&cid=14&lid=156&type=urlget +Author : mdx +Files :...

KISGB 5.1.1 - Authenticate.php Remote File Inclusion

KISGB 5.1.1 - Authenticate.php Remote File Inclusion KISGB Keep It Simple Guest Book defaultpathforthemes Remote File Include +class : Remote File Include Vulnerability + +download link : http://phpnuke-downloads.com/modules.php?name=Downloads&dop=nsgetit&cid=14&lid=156&type=urlget +Author : mdx...

security flaw

Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function Zend/zendalloc.c...

security flaw

Cross-site scripting XSS vulnerability in phpinfo info.c in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including 1 a large number of dimensions or 2 long values, which prevents HTML tags from being removed...

security flaw

Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass openbasedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function...

security flaw

Cross-site scripting XSS vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."...

security flaw

Cross-site scripting XSS vulnerability in phpinfo info.c in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including 1 a large number of dimensions or 2 long values, which prevents HTML tags from being removed...

security flaw

Multiple cross-site scripting XSS vulnerabilities in PHP 4.4.1 and 5.1.1, when displayerrors and htmlerrors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message...

security flaw

Cross-site scripting XSS vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."...