1196 matches found
EnterpriseGS 1.0 rc4 - Remote Command Execution
works against PHP5; usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Thus the energy developed by good fighting men is as the momentum of a round stone rolled down a mountain thousands of feet in height. So much on the subject of energy." error_reporting(0);...
DocMGR 0.54.2 - file_exists Remote Command Execution
DocMGR 0.54.2 - file_exists Remote Command Execution works against PHP5, with short_open_tag = On and register_globals = On; usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "The quality of decision is like the well-timed swoop of a falcon which enables it to strike and destroy i...
PmWiki Multiple Vulnerabilities
This is both a PmWiki and PHP advisory, and works only with register_globals on. I totally missed the PHP GLOBALS GPC injection vulnerability and rediscovered that on my own, if just a few months before! arg!. Basically in the worst scenario we are in front of two separate vulnerabilities: one regardi...
[SECURITY] [DSA 958-1] New drupal packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 958-1 [email protected] http://www.debian.org/security/ Martin Schulze January 27th, 2006 http://www.debian.org/security/faq -...
DSA-958-1 drupal - several
Bulletin has no description...
CVE-2005-3974
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission...
CVE-2005-3974
Drupal 4.5.0–4.5.5 and 4.6.0–4.6.3 on PHP5 do not correctly enforce user privileges, allowing remote attackers to bypass the access user profiles permission (CVE-2005-3974). The advisories note a fix in 4.6.3 (and related Debian updates in DSA-958-1), with older fixed versions for sid/stable tree...
[DRUPAL-SA-2005-009] Drupal 4.6.4 / 4.5.6 fixes minor access control issue
---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2005-009 ---------------------------------------------------------------------------- Advisory ID: DRUPAL-SA-2005-009 Project: Drupal core Date: 2005-11-30 Security risk: not critical...
DRUPAL-SA-2005-009 Bypass "view user profiles" permission
Andrew Widdowson informed us that it's possible to bypass the 'access user profile' permission if the server is running PHP5. No data can be changed though. Versions affected: Drupal 4.6.0, 4.6.1, 4.6.2, 4.6.3. Solution: If you are running Drupal 4.6.x and PHP5, then upgrade to Drupal 4.6.4...
[Full-disclosure] Advisory 17/2005: phpBB Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: phpBB Multiple Vulnerabilities Release Date: 2005/10/31 Last Modified: 2005/10/31 Author: Stefan Esser [email protected] Application: phpBB = 2.0.17 Severity: Multiple...
Slackware 10.1 : php5 in Slackware 10.1 (SSA:2005-251-04)
A new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PCRE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which eliminates the eval function. The eval functio...
SUSE-SA:2005:049: php4, php5
The remote host is missing the patch for the advisory SUSE-SA:2005:049 php4, php5. This update fixes the following security issues in the PHP scripting language. - Bugs in the PEAR::XMLRPC library allowed remote attackers to pass arbitrary PHP code to the eval function CVE-2005-1921, CVE-2005-249...
php5 in Slackware 10.1
A new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PCRE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which eliminates the eval function. The eval functio...
Fedora Core 4 : squirrelmail-1.4.6-0.cvs20050812.1.fc4 (2005-780)
It probably is not a good idea to push a CVS snapshot here, but upstream screwed up their 1.4.5 release and CVS contains further fixes like PHP5 related stuff that might make squirrelmail usable on FC4. This snapshot worked on my personal server for the past week, so hopefully it will be good for...