SUSE-SA:2005:041: php/pear XML::RPC

The remote host is missing the patch for the advisory SUSE-SA:2005:041 php/pear XML::RPC. A bug in the PEAR::XMLRPC library allowed remote attackers to pass arbitrary PHP code to the eval function. The updated php packages fix the XML::RPC bug, however several third party PHP packages include a...

Debian DSA-729-1 : php4 - missing input sanitising

An iDEFENSE researcher discovered two problems in the image processing functions of PHP, a server-side, HTML-embedded scripting language, of which one is present in woody as well. When reading a JPEG image, PHP can be tricked into an endless loop due to insufficient input validation. %NASLMINLEVE...

[SECURITY] [DSA 729-1] New PHP4 packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 729-1 [email protected] http://www.debian.org/security/ Martin Schulze May 26th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 729-1] New PHP4 packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 729-1 [email protected] http://www.debian.org/security/ Martin Schulze May 26th, 2005 http://www.debian.org/security/faq -...

USN-112-1: PHP4 vulnerabilities

An integer overflow was discovered in the exifprocessIFDTAG function in PHP4's EXIF module. EXIF tags with a specially crafted "Image File Directory" IFD tag caused a buffer overflow which could have been exploited to execute arbitrary code with the privileges of the PHP4 server. CAN-2005-1042 Th...

[Full-disclosure] [USN-112-1] PHP4 vulnerabilities

=========================================================== Ubuntu Security Notice USN-112-1 April 14, 2005 php4 vulnerabilities CAN-2005-1042, CAN-2005-1043 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 Warty Warth...

USN-105-1: PHP4 vulnerabilities

Two Denial of Service vulnerabilities have been discovered in the getimagesize function. getimagesize uses format specific internal functions phphandleiff and phphandlejpeg which get stuck in infinite loops when certain invalid size parameters are read from the image. In web applications that all...

USN-99-2: Fixed php4 packages for USN-99-1

USN-99-1 fixed a safe mode bypass which allowed malicious PHP scripts to circumvent path restrictions by creating a specially crafted directory whose length exceeded the capacity of the realpath function CAN-2004-1064. However, this caused severe regressions, some applications like SquirrelMail a...

USN-99-1: PHP4 vulnerabilities

Stefano Di Paola discovered integer overflows in PHP's pack and unpack functions. A malicious PHP script could exploit these to break out of safe mode and execute arbitrary code with the privileges of the PHP interpreter. CAN-2004-1018 Note: The second part of CAN-2004-1018 buffer overflow in the...

CVE-2005-0596

Consolidated details from connected sources confirm CVE-2005-0596 affects PHP 4’s readfile() function. The underlying issue is that reading a file whose size is a multiple of the system page size can crash the httpd/daemon, yielding a denial-of-service condition. The vulnerability is described as...

Debian DSA-642-1 : gallery - several vulnerabilities

Several vulnerabilities have been discovered in gallery, a web-based photo album written in PHP4. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2004-1106 Jim Paris discovered a cross site scripting vulnerability which allows code to be inserted ...

Various Vulnerabilities in OWL Intranet Engine

---------------------------------------------------------------------------- Various Vulnerabilities in OWL Intranet Engine ---------------------------------------------------------------------------- Author: Jose Antonio Coret Joxean Koret Date: 2004 Location: Basque Country...

PHP4 cURL functions bypass open_basedir

==================================================== Subject: PHP4 cURL functions bypass openbasedir Author: frame at kernelpanik.org Product: PHP4 compile with cURL not tested in PHP5 Vendor: PHP/Zend Vendor URL: www.php.net Tipe: Local Risk: Low/Medium...

Debian DSA-351-1 : php4 - XSS

The transparent session ID feature in the php4 package does not properly escape user-supplied input before inserting it into the generated HTML page. An attacker could use this vulnerability to execute embedded scripts within the context of the generated page. %NASLMINLEVEL 70300 C Tenable Networ...

Debian DSA-115-1 : php - broken boundary check and more

Stefan Esser, who is also a member of the PHP team, found several flawsin the way PHP handles multipart/form-data POST requests as described in RFC1867 known as POST fileuploads. Each of the flaws could allow an attacker to execute arbitrary code on the victim's system. For PHP3 flaws contain a...

[SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 531-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 20th, 2004 http://www.debian.org/security/faq -...

DSA-531 php4 - several vulnerabilities

Bulletin has no description...

[SECURITY] [DSA-351-1] New php4 packages fix cross-site scripting vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 351-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 16th, 2003 http://www.debian.org/security/faq -...

PHP4 crossite scripting

Crossite scripting in transparent session ID feature...

[SECURITY] [DSA-351-1] New php4 packages fix cross-site scripting vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 351-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 16th, 2003 http://www.debian.org/security/faq -...