EUVD-2008-1391

Malware in sbrugna...

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : php5 vulnerabilities (USN-628-1)

It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. CVE-2007-4782 Maksymilian Arciemowicz discovered a flaw in t...

USN-628-1: PHP vulnerabilities

It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. CVE-2007-4782 Maksymilian Arciemowicz discovered a flaw in t...

CVE-2008-1384

Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the phpsprintfappendstring function in formattedprint.c and probably other...

PHP 5 php_sprintf_appendstring()函数整数溢出漏洞

BUGTRAQ ID: 28392 CVECAN ID: CVE-2008-1384 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP formattedprint.c文件的printf函数存在整数溢出漏洞，能够执行PHP脚本的攻击者可能利用此漏洞提升权限。 在formattedprint.c文件的phpsprintfappendstring函数中： - ---formattedprint.c-start--- inline static void phpsprintfappendstringchar buffer, int pos, int siz...