13 matches found

Tenable Nessus
added 2025/03/03 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2010-3065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent...

CVSS: 5 | AI score: 6.2 | EPSS: 0.00425
Exploits: 1 | References: 2
SUSE CVE
added 2023/02/15 5:57 a.m. | 1 views

SUSE CVE-2010-3065

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...

CVSS: 5 | AI score: 7.1 | EPSS: 0.00425
Exploits: 1 | References: 6
OSV
added 2021/07/01 5:1 p.m. | 26 views

GHSA-HC33-32VW-RPP9 Remote Code Execution Vulnerability in Session Storage

Impact: A malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If your application does not use Ratpack's session mechanism, it is not vulnerable. Details: Attackers with the ability to writ...

CVSS: 9.9 | AI score: 9.6 | EPSS: 0.02483
Exploits: 0 | References: 4
OpenVAS
added 2010/12/09 12:0 a.m. | 36 views

CentOS Update for php CESA-2010:0919 centos4 i386

Check for the Version of php. OpenVAS Vulnerability Test: CentOS Update for php CESA-2010:0919 centos4 i386. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...

CVSS: 6.8 | AI score: 8.4 | EPSS: 0.07996
Exploits: 7 | References: 2
OpenVAS
added 2010/12/09 12:0 a.m. | 32 views

RedHat Update for php RHSA-2010:0919-01

Check for the Version of php. OpenVAS Vulnerability Test: RedHat Update for php RHSA-2010:0919-01. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms of...

CVSS: 6.8 | AI score: 8.6 | EPSS: 0.07996
Exploits: 7 | References: 2
Cent OS
added 2010/11/30 12:21 p.m. | 117 views

php security update

CentOS Errata and Security Advisory CESA-2010:0919 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.07996
Exploits: 7 | References: 8
RedHat Linux
added 2010/11/29 9:31 p.m. | 1 views

php: session serializer session data injection vulnerability (MOPS-2010-060)

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...

CVSS: 5 | AI score: 5.9 | EPSS: 0.00425
Exploits: 1 | References: 4
NVD
added 2010/08/20 8:0 p.m. | 21 views

CVE-2010-3065

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...

CVSS: 5 | AI score: 9.4 | EPSS: 0.00425
Exploits: 1 | References: 7
Prion
added 2010/08/20 8:0 p.m. | 15 views

Default configuration

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...

CVSS: 5 | AI score: 7 | EPSS: 0.00425
Exploits: 1 | References: 7 | Affected Software: 1
CVE
added 2010/08/20 7:0 p.m. | 98 views

CVE-2010-3065

CVE-2010-3065 affects PHP’s default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2, where PS_UNDEF_MARKER is not handled properly. This allows context-dependent attackers to modify arbitrary session variables via crafted session variable names. Several connected advisories and...

CVSS: 5 | AI score: 9.2 | EPSS: 0.00425
Exploits: 1 | References: 7 | Affected Software: 1
UbuntuCve
added 2010/08/20 12:0 a.m. | 23 views

CVE-2010-3065

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...

CVSS: 5 | AI score: 6.1 | EPSS: 0.00425
Exploits: 1 | References: 4
Debian
added 2010/08/06 5:42 a.m. | 51 views

[SECURITY] [DSA-2089-1] New php5 packages fix several vulnerabilities

Debian Security Advisory DSA-2089-1 | http://www.debian.org/security/ | Raphael Geissert | August 6, 2010 | http://www.debian.org/security/faq ...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.04685
Exploits: 3
Tenable Nessus
added 2010/08/04 12:0 a.m. | 320 views

PHP 5.3 < 5.3.3 Multiple Vulnerabilities

According to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.3. Such versions may be affected by several security issues: - An error exists when processing invalid XML-RPC requests that can lead to a NULL pointer dereference (bug 51288, CVE-2010-0397). - An error...

CVSS: 9.3 | AI score: 9.2 | EPSS: 0.10452
Exploits: 20 | References: 20