39 matches found
[SECURITY] [DSA 708-1] New PHP3 packages fix denial of service
Debian Security Advisory DSA 708-1 [email protected] http://www.debian.org/security/ Martin Schulze April 15th, 2005 http://www.debian.org/security/faq ...
DSA-708-1 php3 - missing input sanitising
Bulletin has no description...
Debian DSA-708-1 : php3 - missing input sanitising
An iDEFENSE researcher discovered two problems in the image processing functions of PHP, a server-side, HTML-embedded scripting language, of which one is present in PHP3 as well. When reading a JPEG image, PHP can be tricked into an endless loop due to insufficient input validation. ...
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
Debian Security Advisory DSA 669-1 [email protected] http://www.debian.org/security/ Martin Schulze February 7th, 2005 http://www.debian.org/security/faq ...
DSA-669-1 php3 - several
Bulletin has no description...
Debian DSA-115-1 : php - broken boundary check and more
Stefan Esser, who is also a member of the PHP team, found several flaws in the way PHP handles multipart/form-data POST requests as described in RFC1867 known as POST fileuploads. Each of the flaws could allow an attacker to execute arbitrary code on the victim's system. For PHP3 flaws contain a...
CVE-2000-1166
CVE-2000-1166 affects the Twig webmail system. The issue arises when the vhosts variable isn’t set on the site, allowing a remote attacker to inject arbitrary PHP (PHP3) code by supplying an alternate vhosts value to index.php3. Root cause: improper handling of the vhosts variable during initiali...
PHP-Nuke 1.0/2.5/3.0/4.x - Remote Ad Banner URL Change
source: https://www.securityfocus.com/bid/2544/info PHP-Nuke is a website creation/maintenance tool written in PHP3. A PHP-Nuke feature supporting cycling ad banners is subject to interference from a remote user. A querystring can be submitted to an unpatched server which allows the remote user ...
Hole in Apache + PHP3 on Windows
Path traversal problem in directories when special characters are used...
Apache 1.3 + PHP 3 - File Disclosure
source: https://www.securityfocus.com/bid/2060/info Apache Web Server can disclose files to unauthorized users when used in conjunction with the PHP3 script language. By requesting a specially crafted URL by way of php, it is possible for a remote user to gain read access to a known fil...
[SECURITY] New version of Debian php3 packages released (updated)
Package: php3; Vulnerability: possible remote exploit; Debian-specific: no; Vulnerable: yes; Updated version: corrected URLs. In versions of the PHP 3 packages before version 3.0.17, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the...
[SECURITY] New version of Debian php3 packages released
Package: php3; Vulnerability: possible remote exploit; Debian-specific: no; Vulnerable: yes. In versions of the PHP 3 packages before version 3.0.17, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server, particularly if err...
[SECURITY] New version of Debian php3 packages released
Debian Security Advisory [email protected] http://www.debian.org/security/ Daniel Jacobowitz October 14, 2000. Package: php3 Vulnerability:...
[SECURITY] New version of Debian php3 packages released (updated)
Debian Security Advisory [email protected] http://www.debian.org/security/ Daniel Jacobowitz October 14, 2000. Package: php3 Vulnerability:...
@stake Advisory: PHP3/PHP4 Logging Format String Vulnerability (A 101200-1)
We contacted the PHP team on 10/3/2000 concerning this problem. We wanted to hold off releasing our advisory until a fix was available for PHP3 since some users may not be able to easily upgrade to PHP4. Fixes for PHP3 and PHP4 are now available. We a...
CVE-2000-0059
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands...
CVE-2000-0059
CVE-2000-0059 affects PHP3 when safe_mode is enabled. The vulnerability arises because shell metacharacters are not properly filtered from commands executed via popen, potentially allowing remote attackers to execute arbitrary commands. The provided documents describe the issue but do not specif...