1196 matches found
Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-362-1)
The stripos function did not check for invalidly long or empty haystack strings. In an application that uses this function on arbitrary untrusted data this could be exploited to crash the PHP interpreter. CVE-2006-4485 An integer overflow was discovered in the PHP memory allocation handling. On...
Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 vulnerabilities (USN-424-1)
Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server...
Ubuntu 6.06 LTS / 6.10 / 7.04 : php5 vulnerabilities (USN-462-1)
A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. CVE-2007-2509 Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP...
Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 regression (USN-424-2)
USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem. We apologize for the inconvenience. Multiple buffer overflows have been discovered in various PHP modules. If a PHP application...
Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 vulnerability (USN-375-1)
Stefan Esser discovered two buffer overflows in the htmlentities and htmlspecialchars functions. By supplying specially crafted input to PHP applications which process that input with these functions, a remote attacker could potentially exploit this to execute arbitrary code with the privileges o...
Ubuntu 6.06 LTS / 6.10 / 7.04 : php5 vulnerabilities (USN-485-1)
It was discovered that the PHP xmlrpc extension did not correctly check heap memory allocation sizes. A remote attacker could send a specially crafted request to a PHP application using xmlrpc and execute arbitrary code as the Apache user. CVE-2007-1864 Stefan Esser discovered a flaw in the rando...
openSUSE 10 Security Update : php5 (php5-2687)
CVE-2007-0906: Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9)...
openSUSE 10 Security Update : php5 (php5-1590)
This update fixes the following security issues: - invalid characters in session names were not blocked - a bug in zend_hash_del allowed attackers to prevent unsetting of some variables - bugs in the substr_compare and wordwrap functions could crash PHP (CVE-2006-1991, CVE-2006-1990) - a memory leak in...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-2039)
the CURL module lacked checks for control characters (CVE-2006-2563) - str_repeat contained an integer overflow - ext/wddx contained a buffer overflow - memory_limit lacked checks for integer overflows - a bug in sscanf could potentially be exploited to execute arbitrary code (CVE-2006-4020) - an...
DTSA-61-1 php5 - several vulnerabilities
Bulletin has no description...
Sa-blog 0day-vulnerability warning-the black bar safety net
Quotation First: use is PHP5, is because of the SERVER variables are not affected by the'quotes of the limit, even if it is open the escape vulnerability in the User-Agent second: the insert into a plurality of data inserted in the text structure of the place is insert INTO $dbprefixsessions...
[slackware-security] php
New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, and 12.0 to fix "several low priority security bugs." Note that PHP5 was not officially supported in Slackware 10.1 or 10.2 being in the /testing directory, and was not the default version of PHP for Slackware 11.0 being in the /extr...
Debian DSA-1330-1 : php5 - several vulnerabilities
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1399 Stefan Esser discovered that a buffe...
[SECURITY] [DSA 1330-1] New php5 packages fix arbitrary code execution
Debian Security Advisory DSA 1330-1 http://www.debian.org/security/ Moritz Muehlenhoff July 7th, 2007 http://www.debian.org/security/faq ...
DSA-1330-1 php5 - several vulnerabilities
Bulletin has no description...
Slackware 10.2 / 11.0 / current : php5 (SSA:2007-152-01)
New php5 packages are available for Slackware 10.2, 11.0, and -current to fix security issues. PHP5 was considered a test package in Slackware 10.2, and an 'extra' package in Slackware 11.0. If you are currently running PHP4 you may wish to stick with that, as upgrading to PHP5 will probably...
SUSE-SA:2007:020: php4,php5
The remote host is missing the patch for the advisory SUSE-SA:2007:020 php4,php5. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. This plugin text was extracted from SuSE Security Advisory SUSE-SA:2007:020 if ( ! defined_func("bn_random") ) exit(0); include('deprecated_nasl_level.inc'); include('compat.inc...
SUSE-SA:2007:032: php4,php5
The remote host is missing the patch for the advisory SUSE-SA:2007:032 php4,php5. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. This plugin text was extracted from SuSE Security Advisory SUSE-SA:2007:032 if ( ! defined_func("bn_random") ) exit(0); include('deprecated_nasl_level.inc'); include('compat.inc...
[slackware-security] php5
New php5 packages are available for Slackware 10.2, 11.0, and -current to fix security issues. PHP5 was considered a test package in Slackware 10.2, and an "extra" package in Slackware 11.0. If you are currently running PHP4 you may wish to stick with that, as upgrading to PHP5 will probably...
DTSA-39-1 php5 - several vulnerabilities
Bulletin has no description...