288 matches found

Tenable Nessus
added 2006/01/15 12:0 a.m., 42 views

Ubuntu 4.10 : php4 vulnerabilities (USN-66-1)

FraMe from kernelpanik.org reported that the cURL module does not respect open_basedir restrictions. As a result, scripts which used cURL to open files with a user-specified path could read arbitrary local files outside of the open_basedir directory. Stefano Di Paola discovered a vulnerability in...

6.2 AI score
Exploits: 0

Tenable Nessus
added 2006/01/15 12:0 a.m., 39 views

Ubuntu 4.10 : php4 vulnerabilities (USN-112-1)

An integer overflow was discovered in the exif_process_IFD_TAG function in PHP4's EXIF module. EXIF tags with a specially crafted 'Image File Directory' (IFD) tag caused a buffer overflow which could have been exploited to execute arbitrary code with the privileges of the PHP4 server. (CAN-2005-1042) Th...

7.5 CVSS, 6.4 AI score, 0.04016 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2006/01/15 12:0 a.m., 37 views

Ubuntu 4.10 / 5.04 : php4, php4-universe vulnerability (USN-147-1)

A remote code execution vulnerability has been discovered in the XMLRPC module of the PEAR (PHP Extension and Application Repository) extension of PHP. By sending specially crafted XMLRPC requests to an affected web server, a remote attacker could exploit this to execute arbitrary code with the web...

7.5 CVSS, 6.4 AI score, 0.79071 EPSS
Exploits: 5, References: 1

Tenable Nessus
added 2006/01/15 12:0 a.m., 39 views

Ubuntu 4.10 : php4 vulnerabilities (USN-99-2)

USN-99-1 fixed a safe mode bypass which allowed malicious PHP scripts to circumvent path restrictions by creating a specially crafted directory whose length exceeded the capacity of the realpath function (CAN-2004-1064). However, this caused severe regressions, some applications like SquirrelMail a...

10 CVSS, 5.5 AI score, 0.03735 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2006/01/15 12:0 a.m., 62 views

Ubuntu 4.10 : php4 vulnerabilities (USN-99-1)

Stefano Di Paola discovered integer overflows in PHP's pack and unpack functions. A malicious PHP script could exploit these to break out of safe mode and execute arbitrary code with the privileges of the PHP interpreter. (CAN-2004-1018) Note: The second part of CAN-2004-1018 buffer overflow in the...

10 CVSS, 6.4 AI score, 0.1616 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2006/01/15 12:0 a.m., 28 views

Ubuntu 4.10 / 5.04 : php4 vulnerability (USN-207-1)

A bug has been found in the handling of the open_basedir directive. Contrary to the specification, the value of open_basedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash '/'. For example, this allowed PHP scripts to access the directory...

2.1 CVSS, 5.3 AI score, 0.00431 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2006/01/15 12:0 a.m., 43 views

Ubuntu 4.10 : php4 vulnerabilities (USN-105-1)

Two Denial of Service vulnerabilities have been discovered in the getimagesize function. getimagesize uses format specific internal functions php_handle_iff and php_handle_jpeg which get stuck in infinite loops when certain invalid size parameters are read from the image. In web applications that all...

5 CVSS, 5.5 AI score, 0.03453 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2006/01/15 12:0 a.m., 46 views

Ubuntu 4.10 : php4 vulnerabilities (USN-40-1)

Stefan Esser reported several buffer overflows in PHP's variable unserializing handling. These could allow an attacker to execute arbitrary code on the server with the PHP interpreter's privileges by sending specially crafted input strings (form data, cookie values, and similar). Additionally, Ilia...

10 CVSS, 8.3 AI score, 0.10042 EPSS
Exploits: 0, References: 2

securityvulns
added 2005/11/26 12:0 a.m., 20 views

DMANews Multiple SQL inj. vuln.

DMANews Multiple SQL inj. vuln. Vuln. discovered by: r0t Date: 25 nov. 2005 original advisory: http://pridels.blogspot.com/2005/11/dmanews-multiple-sql-inj-vuln.html Vendor: http://www.dmanews.com/ affected version: 0.904 latest downloadable version and v0.910 Development version Product description...

0.2 AI score
Exploits: 0

securityvulns
added 2005/10/20 12:0 a.m., 30 views

XSS & Path Disclosure in Chipmunk's products

Products: Chipmunk Forum , Topsites , Directory , Guestbook Versions: Tested: Last released of products Vendor: http://chipmunk-scripts.com Bug: XSS , Path Disclosure Exploitation: Remote --------------------------- Introduction: Chipmunk Forum is a small yet flexible and fully featured forum...

0.2 AI score
Exploits: 0

Tenable Nessus
added 2005/10/05 12:0 a.m., 103 views

SUSE-SA:2005:049: php4, php5

The remote host is missing the patch for the advisory SUSE-SA:2005:049 php4, php5. This update fixes the following security issues in the PHP scripting language. - Bugs in the PEAR::XMLRPC library allowed remote attackers to pass arbitrary PHP code to the eval function CVE-2005-1921, CVE-2005-249...

7.5 CVSS, 5.7 AI score, 0.79071 EPSS
Exploits: 5

OSV
added 2005/09/13 12:0 a.m., 7 views

DTSA-15-1 php4 - several vulnerabilities

Bulletin has no description...

7.5 CVSS, 6.3 AI score, 0.79071 EPSS
Exploits: 5

Tenable Nessus
added 2005/08/30 12:0 a.m., 59 views

Debian DSA-789-1 : php4 - several vulnerabilities

Several security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1751 Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP...

7.5 CVSS, 6.2 AI score, 0.79071 EPSS
Exploits: 5, References: 6

Debian
added 2005/08/29 3:31 p.m., 32 views

[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 789-1 [email protected] http://www.debian.org/security/ Martin Schulze August 29th, 2005 http://www.debian.org/security/faq -...

7.2 AI score
Exploits: 5

Debian
added 2005/08/29 3:31 p.m., 29 views

[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 789-1 [email protected] http://www.debian.org/security/ Martin Schulze August 29th, 2005 http://www.debian.org/security/faq -...

7.5 CVSS, 0.4 AI score, 0.79071 EPSS
Exploits: 5

OSV
added 2005/08/29 12:0 a.m., 35 views

DSA-789-1 php4 - several

Bulletin has no description...

7.5 CVSS, 9.5 AI score, 0.79071 EPSS
Exploits: 5

Ubuntu
added 2005/08/21 12:19 a.m., 99 views

USN-171-1: PHP4 vulnerabilities

CAN-2005-1751: The php4-dev package ships a copy of the "shtool" utility in /usr/lib/php4/build/, which provides useful functionality for developers of software packages. Eric Romang discovered that shtool created temporary files in an insecure manner. This could allow a symlink attack to create ...

7.5 CVSS, 6.8 AI score, 0.05091 EPSS
Exploits: 0

Cent OS
added 2005/08/05 2:54 p.m., 76 views

squirrelmail security update

CentOS Errata and Security Advisory CESA-2005:595-02 An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 04 Aug 2005 The previous SquirrelMail package released...

4.3 CVSS, 5.6 AI score, 0.04242 EPSS
Exploits: 2, References: 8

Cent OS
added 2005/08/03 4:4 p.m., 82 views

squirrelmail security update

CentOS Errata and Security Advisory CESA-2005:595 An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 04 Aug 2005 The previous SquirrelMail package released wi...

4.3 CVSS, 5.6 AI score, 0.04242 EPSS
Exploits: 2, References: 10

RedHat Linux
added 2005/08/03 2:16 p.m., 38 views

Moderate: Red Hat Security Advisory: squirrelmail security update

An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 04 Aug 2005 The previous SquirrelMail package released with this errata contained a bug which rendered the...

4.3 CVSS, 5.6 AI score, 0.04242 EPSS
Exploits: 2, References: 3