13 matches found
EUVD-2007-0901
Malware in sbrugna...
SUSE CVE-2007-0907
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapiheaderop function...
The vulnerability of the sapi_header_op function in the PHP programming language allows attackers to carry out XSS attacks.
The vulnerability of the sapiheaderop function in the PHP programming language is related to the lack of measures taken to protect web page structures. Exploiting this vulnerability allows an attacker to perform XSS attacks remotely...
Scientific Linux Security Update : php on SL7.x x86_64 (20160811) (httpoxy)
Security Fixes : - It was discovered that PHP did not properly protect against the HTTPPROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker- controlled proxy via a malicious HTTP request. CVE-2016-5385 Bug Fix...
RHEL 7 : php (RHSA-2016:1613) (httpoxy)
An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Moderate: Red Hat Security Advisory: php security and bug fix update
An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
UBUNTU-CVE-2015-8935
The sapiheaderop function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting XSS attacks against Internet Explorer by leveraging ...
RHEL 5 : php53 (RHSA-2013:1307)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1307 advisory. - php: paths with NULL character were considered valid CVE-2006-7243 - PHP: sapiheaderop %0D sequence handling security bypass CVE-2011-1398...
PHP: sapi_header_op() %0D sequence handling security bypass
The sapiheaderop function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences aka carriage return characters, which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...
PT-2012-5362 · Microsoft +3 · Internet Explorer +3
Name of the Vulnerable Software and Affected Versions: PHP versions 5.4.0RC2 through 5.4.0 Description: The issue arises from the sapi header op function in main/SAPI.c, which fails to properly determine a pointer during checks for %0D sequences, allowing remote attackers to bypass an HTTP...
security flaw
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapiheaderop function...
security flaw
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapiheaderop function...
security flaw
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapiheaderop function...