111 matches found

RedHat Linux
added 2007/03/14 2:1 a.m., 0 views

php session extension information leak

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read...

CVSS 5, AI score 6, EPSS 0.14197
Exploits 1, References 4
securityvulns
added 2007/03/06 12:0 a.m., 37 views

MOPB-10-2007: PHP php_binary Session Deserialization Information Leak Vulnerability

Summary: The PHP session extension comes with a serialization handler called 'php_binary' that is vulnerable to a heap information leak vulnerability. This security hole is the result of a missing boundary check and allows leaking up to 126 bytes following the serialized data into array keys of the...

AI score 0.5
Exploits 0
RedHat Linux
added 2007/02/26 9:49 a.m., 0 views

php session extension information leak

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read...

CVSS 5, AI score 6, EPSS 0.14197
Exploits 1, References 4
RedHat Linux
added 2007/02/22 11:11 a.m., 1 views

php session extension information leak

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read...

CVSS 5, AI score 6, EPSS 0.14197
Exploits 1, References 4
RedHat Linux
added 2007/02/19 9:8 p.m., 0 views

php session extension global variable clobber

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with...

CVSS 6.8, AI score 6.2, EPSS 0.10973
Exploits 0, References 4
RedHat Linux
added 2007/02/19 9:8 p.m., 1 views

php session extension information leak

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read...

CVSS 5, AI score 6, EPSS 0.14197
Exploits 1, References 4
CVE
added 2006/08/29 12:0 a.m., 39 views

CVE-2006-4432

The CVE-2006-4432 entry describes a directory traversal in Zend Platform 2.2.1 and earlier. An attacker can overwrite arbitrary files by supplying a .. in the final PHPSESSID component, enabling potential direct static code injection in some cases. The affected product is Zend Platform (versions ...

CVSS 7.5, AI score 7.8, EPSS 0.01415
Exploits 0, References 7, Affected Software 1
Cvelist
added 2006/08/29 12:0 a.m., 23 views

CVE-2006-4433

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier PHPSESSID for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session...

AI score 6.7, EPSS 0.02825
Exploits 0, References 7
CVE
added 2006/08/29 12:0 a.m., 38 views

CVE-2006-4431

CVE-2006-4431 affects Zend Platform (Session Clustering Daemon) and the mod_cluster module; versions 2.2.1 and earlier are vulnerable. The issue is multiple buffer overflows triggered by a PHPSESSID that is empty or crafted, allowing remote attackers to crash the service (DoS) or potentially exec...

CVSS 7.5, AI score 8, EPSS 0.04556
Exploits 0, References 10, Affected Software 1
Cvelist
added 2003/06/20 4:0 a.m., 20 views

CVE-2003-0442

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter...

AI score 5.8, EPSS 0.51581
Exploits 1, References 14
Cvelist
added 2002/06/25 4:0 a.m., 14 views

CVE-2002-0121

PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections...

AI score 6.4, EPSS 0.00142
Exploits 0, References 3