Mandriva Linux Security Advisory : php (MDVSA-2012:065)

Multiple vulnerabilities has been identified and fixed in php : The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service application crash via a crafted application that uses a PDO driver for a...

CVE-2012-0830

The phpregistervariableex function in phpvariables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885...

PHP < 5.3.10 php_register_variable_ex() RCE

Binary data 6304.prm...

PHP &quot;php_register_variable_ex()&quot;函数任意代码执行漏洞(CVE-2012-0830)

CVE-2012-0830 Php是一款流行的编程语言 PHP在12月为哈希碰撞拒绝服务CVE-2011-4885http://sebug.net/vuldb/ssvid-30001提供的补丁引出了另一个严重的安全漏洞。 防止哈希碰撞的补丁在php.ini中引入了新的配置属性： maxinputvars 此配置元素限制用于请求中使用的变量数量如http://request.com/foo.php?a=1&b=2&c=3，默认设置为1000。...

php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix

The phpregistervariableex function in phpvariables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885...