5 matches found
Null pointer dereference
The phppgsqlmetadata function in pgsql.c in the PostgreSQL aka pgsql extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service NULL pointer dereference and...
CVE-2015-4644
CVE-2015-4644 affects the PHP pgsql extension: the php_pgsql_meta_data function in pgsql.c does not validate token extraction for table names. This can allow remote attackers to trigger a denial of service (NULL pointer dereference and application crash). Affected PHP versions are the PostgreSQL ...
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2658-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2658-1 advisory. Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass...
openSUSE Security Update : php5 (openSUSE-2015-471)
The PHP script interpreter was updated to receive various security fixes : - CVE-2015-4602 bnc935224: Fixed an incomplete Class unserialization type confusion. - CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 bnc935226: Fixed type confusion issues in unserialize with various SOAP methods. -...
php5 -- multiple vulnerabilities
The PHP project reports: DOM and GD: Fixed bug 69719 Incorrect handling of paths with NULs. FTP: Improved fix for bug 69545 Integer overflow in ftpgenlist resulting in heap overflow. CVE-2015-4643 Postgres: Fixed bug 69667 segfault in phppgsqlmetadata. CVE-2015-4644...