1132 matches found
Debian DSA-531-1 : php4 - several vulnerabilities
Two vulnerabilities were discovered in php4 : - CAN-2004-0594 The memorylimit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when registerglobals is enabled, allows remote attackers to execute arbitrary code by triggering a memorylimit abort during...
[VulnWatch] PHP Vulnerability N. 1
Hi all, This summer i have been playing around with some php issue and got some php vulnerabilities.. Let's go for the first one: ========================================================== Title: phpsuperinfo. Affected: Php = 5.0.1 Not Affected: it seems Php = 4.1.2 Vulnerability Type: Exposure o...
CVE-2002-1396
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code...
GLSA-200407-13 : PHP: Multiple security vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200407-13 PHP: Multiple security vulnerabilities Several security vulnerabilities were found and fixed in version 4.3.8 of PHP. The striptags function, used to sanitize user input, could in certain cases allow tags containing \0...
PHP < 4.3.2 Multiple Function Remote Overflows
Binary data 1484.prm...
SUSE-SA:2004:021: php4/mod_php4
The remote host is missing the patch for the advisory SUSE-SA:2004:021 php4/modphp4. PHP is a well known, widely-used scripting language often used within web server setups. Stefan Esser found a problem with the 'memorylimit' handling of PHP which allows remote attackers to execute arbitrary code...
PHP: Multiple security vulnerabilities
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description Several security vulnerabilities were found and fixed in version 4.3...
PHP < 4.3.8 Multiple Vulnerabilities
According to its banner, the version of PHP 4.3.x installed on the remote host is prior to 4.3.7. It is, therefore, potentially affected by a bug that could allow an attacker to execute arbitrary code on the remote host if the option memorylimit is set. Another bug in the function striptags may...
RHEL 2.1 : php (RHSA-2002:214)
PHP versions up to and including 4.2.2 contain vulnerabilities in the mail function, allowing local script authors to bypass safe mode restrictions and possibly allowing remote attackers to insert arbitrary mail headers or content. Updated 13 Jan 2003 Added fixed packages for the Itanium IA64...
waraxe-2004-SA012.txt
================================================================================ waraxe-2004-SA012 ================================================================================ Multiple vulnerabilities in XMB 1.8 Partagium SP3 and 1.9 Nexus Beta...
CVE-2004-0246
Multiple PHP remote file inclusion vulnerabilities in 1 fonctions.lib.php, 2 dernierscommentaires.php, and 3 admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter...
CVE-2004-0132
Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using 1 the GLOBALSrootdp parameter to db.php, or 2 the GLOBALSlanguagehome parameter to archivednews.php, and a...
CVE-2004-0132
Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using 1 the GLOBALSrootdp parameter to db.php, or 2 the GLOBALSlanguagehome parameter to archivednews.php, and a...
CVE-2003-1313
Multiple PHP remote file inclusion vulnerabilities in EternalMart Mailing List Manager EMLM 1.32 allow remote attackers to execute arbitrary PHP code via a URL in 1 the emmladminpath parameter to admin/auth.php or 2 the emmlpath parameter to emmlemailfunc.php...
CVE-2003-1459
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the 1 template parameter in News.php or 2 installdir parameter in install.php...
CVE-2003-1179
Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the includepath parameter in 1 booth.php, 2 png.php, 3 pollssi.php, or 4 popup.php, the 5 basepath parameter to common.inc.php...
Autorank PHP SQL Injection Vulnerabilities
Vendor : JMB Software URL : http://www.jmbsoft.com Version : AutoRank PHP 2.0.4 && Others? Risk : SQL Injection Vulnerability Description: The description as taken from the Autorank website "AutoRank PHP is our next generation toplist software, written completely in PHP and backed by a MySQL...
Aardvark Topsites 4.1 PHP - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/9231/info Multiple vulnerabilities have been identified in the software that include information disclosure, path disclosure, SQL injection, and a plaintext password weakness. Aardvark Topsites PHP version 4.1.0 has been reported to be prone to these issu...
CVE-2003-1148
Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences phpMyConference 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvcincludedir parameter to 1 config.inc.php or 2...
CVE-2003-0860
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors...