Fedora Core 4 : php-5.0.4-10.5 (2005-1062)
This update includes several security fixes: fixes to prevent malicious requests from overwriting the GLOBALS array (CVE-2005-3390); a fix to stop the parse_str function from enabling the register_globals setting (CVE-2005-3389); fixes for Cross-Site Scripting flaws in the phpinfo output...
PHP: Multiple vulnerabilities
Background: PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version and also stand-alone in a CLI. Description: Multiple vulnerabilities have been found and fixed in PHP: a possible $GLOBALS...
php security update
CentOS Errata and Security Advisory CESA-2005:1110-001 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded...
php security update
CentOS Errata and Security Advisory CESA-2005:838-01 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
security flaw
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."...
phpinfo() Output Reporting (HTTP)
Reporting of files containing the output of the phpinfo PHP function previously detected via HTTP. SPDX-FileCopyrightText: 2003 Randy Matz SPDX-FileCopyrightText: New / rewritten code and metadata since 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...
CVE-2005-3388
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."...
CVE-2002-2044
Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action...
CVE-2002-2044
CVE-2002-2044 describes a cross-site scripting (XSS) vulnerability in x-stat (version 2.3 and earlier) affecting the file x_stat_admin.php. The issue arises when a parameter to the phpinfo action is not properly sanitized, allowing remote attackers to inject arbitrary web script or HTML. Affecte...
CVE-2002-1725
phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain sensitive information via the pw=show option, which invokes the phpinfo function...
CVE-2003-1181
Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo function...
CVE-2004-1590
Clientexec allows remote attackers to gain sensitive information via an HTTP request to phpinfo.php, which calls the phpinfo function...
CVE-2004-1422
CVE-2004-1422 : WHM AutoPilot
CVE-2004-1863
Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an...
CVE-2004-0242
X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command...
CVE-2004-0033
admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command...
CVE-2004-0033
PHPGEDVIEW 2.61’s admin.php is vulnerable to information disclosure: an attacker can trigger a phpinfo command via an action parameter to reveal sensitive data. The affected component is admin.php (PHPGEDVIEW 2.61). Root cause is improper handling of the action parameter, enabling remote code/inf...
phpinfo() Function Information Disclosure (deprecated)