EUVD-2011-2192

Malware in sbrugna...

php security and bug fix update

5.4.16-42 - bz2: fix improper error handling in bzread CVE-2016-5399 5.4.16-41 - gd: fix integer overflow in gd2GetHeader resulting in heap overflow CVE-2016-5766 - gd: fix integer overflow in gdImagePaletteToTrueColor resulting in heap overflow CVE-2016-5767 - mbstring: fix double free in...

PHP 'main/rfc1867.c' Remote Denial of Service Vulnerability

PHP is a general-purpose web programming language. A remote denial of service vulnerability exists in PHP 'main/rfc1867.c' that allows remote attackers to submit special requests consuming large amounts of CPU resources to conduct denial of service attacks...

php: file path injection vulnerability in RFC1867 file upload filename

The rfc1867posthandler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request...

php: file path injection vulnerability in RFC1867 file upload filename

The rfc1867posthandler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request...

Fedora 14 : maniadrive-1.2-32.fc14 / php-5.3.8-1.fc14 / php-eaccelerator-0.9.6.1-9.fc14 (2011-11537)

Security Enhancements and Fixes : - Updated cryptblowfish to 1.2. CVE-2011-2483 - Fixed crash in errorlog. Reported by Mateusz Kocielski - Fixed buffer overflow on overlog salt in crypt. - Fixed bug 54939 File path injection vulnerability in RFC1867 File upload filename. Reported by Krzysztof...

CVE-2011-2202

The rfc1867posthandler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request...

security flaw

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when registerglobals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field...

security flaw

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when registerglobals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field...

CVE-2005-3390

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when registerglobals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field...

CVE-2005-3390

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when registerglobals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field...

CVE-2005-3390

CVE-2005-3390 : The RFC1867 file upload feature in PHP 4.x (up to 4.4.0) and PHP 5.x (up to 5.0.5) can be exploited when register_globals is enabled to modify the GLOBALS array via a multipart/form-data POST with a field named “GLOBALS,” bypassing PHP application protections. This remote-access i...

CVE-2004-0959

The CVE-2004-0959 issue affects PHP’s file upload handling (rfc1867.c) in PHP versions before 5.0.2. A crafted Content-Disposition MIME header can cause the $_FILES array to be modified, enabling a local attacker to upload files to arbitrary locations on the server. Impact is limited to local acc...