41 matches found
FreeBSD : php-imap -- imap_open allows to run arbitrary shell commands via mailbox parameter (ec49f6b5-ee39-11e8-b2f4-74d435b63d51)
The PHP team reports: imap_open allows to run arbitrary shell commands via mailbox parameter. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2019 Jacques Vidrine and contributors Redistributio...
Critical: php
Issue Overview: The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of...
Oracle Linux 5 : php (ELSA-2009-0338)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0338 advisory. - ext/gd: fix overflow2 usage for CVE-2007-3996, CVE-2008-3658 Tenable has extracted the preceding description block directly from the Oracle Linux...
FreeBSD : php-imap -- Denial of Service (1a0704e7-0edf-11e0-becc-0022156e8794)
The following DoS condition in IMAP extension was fixed in PHP 5.3.4 and PHP 5.2.15: A remote user can send specially crafted IMAP user name or password data to trigger a double free memory error in 'ext/imap/php_imap.c' and cause the target service to crash. It may be possible to execute arbitra...
UBUNTU-CVE-2010-4150
Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors...
CVE-2008-2829
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related...
php security update
CentOS Errata and Security Advisory CESA-2007:0076 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
php security update
CentOS Errata and Security Advisory CESA-2006:0669 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
php security update
CentOS Errata and Security Advisory CESA-2006:0567-01 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
php security update
CentOS Errata and Security Advisory CESA-2006:0501-02 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
PHP 4.x/5.0/5.1 - 'mb_send_mail()' Restriction Bypass
source: https://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail' function, the 'mail' function, and various PHP IMAP functions...
PHP 4.x/5.0/5.1 - 'mb_send_mail()' Restriction Bypass
PHP 4.x/5.0/5.1 - 'mb_send_mail()' Restriction Bypass source: https://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail' function, the 'mail'...
Mandrake Linux Security Advisory : php-imap (MDKSA-2005:194)
'infamous41md' discovered a buffer overflow in uw-imap, the University of Washington's IMAP Server that allows attackers to execute arbitrary code. php-imap is compiled against the static c-client libs from imap. These packages have been recompiled against the updated imap development packages...
MDKSA-2005:194 - Updated php-imap packages fix buffer overflow vulnerabilities.
Mandriva Linux Security Advisory MDKSA-2005:194 http://www.mandriva.com/security/ Package : php-imap Date : October 26, 2005 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0 Problem Description: "infamous41md" discovered a buffer overflow in...
BasiliX Application Detection
The remote host is running BasiliX, a webmail application based on PHP and IMAP and powered by MySQL. #%NASL_MIN_LEVEL 70300 This script was written by George A. Theall. See the Nessus Scripts License for details. Changes by Tenable: - Revised plugin title (12/28/10) include('deprecated_nasl_level.inc')...
CVE-2003-1303
Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header...
CVE-2001-1154
CVE-2001-1154 affects Cyrus mail servers (versions 2.0.15, 2.0.16, and 1.6.24) running on BSDi 4.2 with IMAP enabled. The issue allows remote attackers to cause a denial-of-service condition (hang) by leveraging PHP IMAP clients. The available documents confirm the affected software stack and the...
CVE-2001-1154
Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients...
Hole in the PHP 4 imap module
Buffer overflow when working with external libraries...
[GSA2001-01] PHP IMAP overflow fix problems
geekgang Security Advisory gsa2001-01 www.geekgang.co.uk © Copyright 2001 geekgang ID: geekgang GSA2001-01 01 v1.0 Topic: PHP IMAP overflow fix problems Status: Released 5th March, 2001 Author: pre Abstract PHP 4.0.4 contains a fix for a buffer overflow in the imap module. Unfortunately this fix...