46 matches found
K12253: PHP vulnerability CVE-2010-2225
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
Remote Code Execution (RCE)
php is vulnerable to remote code execution RCE attacks. The vulnerability exists through a format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary cod...
openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)
php5 was updated to fix security issues : CVE-2014-4670: Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in...
PHP OpenSSL Extension 'openssl_x509_parse()'内存破坏漏洞
BUGTRAQ ID: 64225 CVECAN ID: CVE-2013-6420 PHP 5.3.27之前版本、5.4.22之前版本、5.5.6之前版本解析x.509证书时,"asn1timetotimet"函数ext/openssl/openssl.c出错,攻击者通过特制的x.509证书利用此漏洞可破坏内存。 0 PHP PHP 5.5.x PHP PHP 5.4.x PHP PHP 5.3.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net...
PHP 5.3.x < 5.3.27 Information Disclosure
Binary data 801404.prm...
PHP 5.3.x < 5.3.26 Multiple Vulnerabilities
According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.26. It is, therefore, potentially affected by the following vulnerabilities: - An error exists in the function 'phpquotprintencode' in the file 'ext/standard/quotprint.c' that could allow a heap-based...
PHP 5.3.x < 5.3.22 Multiple Vulnerabilities
According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.22. It is, therefore, potentially affected by the following vulnerabilities : - An error exists in the file 'ext/soap/soap.c' related to the 'soap.wsdlcachedir' configuration directive and writing cache...
PHP 5.3.x < 5.3.22 Multiple Vulnerabilities
Binary data 801086.prm...
PHP 5.3.x < 5.3.21 cURL X.509 Certificate Domain Name Matching MiTM Weakness
Binary data 6671.prm...
PHP 5.3.x < 5.3.21 cuRL X.509 Certificate Domain Name Matching MiTM Weakness
Binary data 801093.prm...
PHP 5.3.x < 5.3.15 Multiple Vulnerabilities
Binary data 6556.prm...
Authentication flaw
The Debian phpcryptrevamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty...
CVE-2012-2317
The Debian phpcryptrevamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty...
PHP 5.3.x目录遍历漏洞
BUGTRAQ ID: 53403 CVE ID: CVE-2012-1172 PHP是一种HTML内嵌式的语言,PHP与微软的ASP颇有几分相似,都是一种在服务器端执行的嵌入HTML文档的脚本语言,语言的风格有类似于C语言,现在被很多的网站编程人员广泛的运用。 PHP在实现上存在目录遍历漏洞,远程攻击者可利用带有目录遍历序列的特制请求检索、破坏或上传任意位置上的任意文件。 0 PHP 5.3.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net...
PHP 'magic_quotes_gpc'安全绕过漏洞(CVE-2012-0831)
Bugtraq ID: 51954 CVE ID:CVE-2012-0831 Php存在一个安全漏洞允许远程禁用magicquotesgpc,这允许远程攻击者绕过防止SQL注入的限制 0 PHP 5.3.8 PHP 5.3.7 PHP 5.3.6 PHP 5.3.2 PHP 5.2.4 PHP 5.3.5 PHP 5.3.4 PHP 5.3.3 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: https://bugs.php.net/bug.php?id=61043...
PHP 5.3.x Hashtables Proof Of Concept
...
PHP 5.3.x md5计算函数crypt漏洞导致安全模式绕过
No description provided by source...
PHP 5.2.x<5.2.14,5.3.x<5.3.3 addcslashes函数信息泄露漏洞
No description provided by source...
PHP "substr_replace()"释放后重用远程内存破坏漏洞
BUGTRAQ ID: 46843 CVE ID: CVE-2011-1148 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的"substrreplace"函数在实现上存在释放后重用远程内存破坏漏洞,远程攻击者可利用此漏洞在网络服务器中执行任意代码,造成拒绝服务。 此漏洞源于在将同一个变量多次发送到"substrreplace"函数时,PHP会使该函数中的三个变量使用同一个指针,所以当函数中的类型转换更改了该指针,该指针也会使其他变量无效。 PHP PHP 5.3.x PHP PHP 5.2.x 厂商补丁: PHP ---...
PHP 5.3 < 5.3.6 Multiple Vulnerabilities
According to its banner, the version of PHP 5.3.x installed on the remote host is older than 5.3.6. - A NULL pointer can be dereferenced in the function 'zipnamelocate' when processing empty archives and can lead to application crashes or code execution. Exploitation requires the...