
37 matches found

Prion
added 2007/04/06 1:19 a.m. | 18 views

Integer overflow

Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow."...

CVSS 6.8 | AI score 7 | EPSS 0.00845
Exploits 0 | References 8 | Affected Software 1

NVD
added 2007/04/06 1:19 a.m. | 15 views

CVE-2007-1885

Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably...

CVSS 7.5 | AI score 7.8 | EPSS 0.01802
Exploits 1 | References 10

NVD
added 2007/04/06 1:19 a.m. | 15 views

CVE-2007-1886

Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow."...

CVSS 6.8 | AI score 6.8 | EPSS 0.00845
Exploits 0 | References 8

Cvelist
added 2007/04/06 1:0 a.m. | 21 views

CVE-2007-1885

Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably...

AI score 7.8 | EPSS 0.01802
Exploits 1 | References 10

Cvelist
added 2007/04/06 1:0 a.m. | 23 views

CVE-2007-1886

Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow."...

AI score 6.6 | EPSS 0.00845
Exploits 0 | References 8

CVE
added 2007/04/06 1:0 a.m. | 60 views

CVE-2007-1886

CVE-2007-1886 : PHP 4.4.5 and 5.2.1 have an integer overflow in the str_replace function (off-by-one) that attackers can trigger with a single-character search and replacement string. Affected component: PHP core string handling. Reported impact in sources: partial confidentiality, partial integr...

CVSS 6.8 | AI score 6.6 | EPSS 0.00845
Exploits 0 | References 8 | Affected Software 1

seebug.org
added 2007/04/03 12:0 a.m. | 75 views

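PHP Str_Replace() Integer Overflow Vulnerability

PHP is a widely used scripting language for web development. The memory allocation in PHP's str_replace contains an integer overflow that a remote attacker can exploit to execute arbitrary instructions with the privileges of the application process. When str_replace is called, the code switches to one of two different code paths depending on the length of the search string. Single-character search strings are handled by a different function, because this can be done more efficiently. Part of the code of the efficient method is as follows: Z_STRLEN_P(result) = len + (char_count * (to_len - 1)); Z_STRVAL_P(result) = target = emalloc(Z_STRLEN_P(result) + 1); Z_TYPE_P(result) = IS_STRING;...

AI score 6.8
Exploits 0

RedHat Linux
added 2007/03/14 2:1 a.m. | 1 views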

security flaw

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and 1...

CVSS 7.5 | AI score 6.3 | EPSS 0.05444
Exploits 2 | References 4

Cent OS
added 2007/02/25 6:2 a.m. | 71 views

php security update

CentOS Errata and Security Advisory CESA-2007:0081-01 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...

CVSS 10 | AI score 6.3 | EPSS 0.16535
Exploits 2 | References 8

Tenable Nessus
added 2007/02/23 12:0 a.m. | 34 views

Mandrake Linux Security Advisory : php (MDKSA-2007:048)

A number of vulnerabilities were discovered in PHP language. Many buffer overflow flaws were discovered in the PHP session extension, the str_replace function, and the imap_mail_compose function. An attacker able to use a PHP application using any of these functions could trigger these flaws and...

CVSS 10 | AI score 6.7 | EPSS 0.16535
Exploits 1 | References 7

RedHat Linux
added 2007/02/19 9:8 p.m. | 2 views

security flaw

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and 1...

CVSS 7.5 | AI score 6.3 | EPSS 0.05444
Exploits 2 | References 4

NVD
added 2007/02/13 11:28 p.m. | 17 views

CVE-2007-0906

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and 1...

CVSS 7.5 | AI score 8 | EPSS 0.02166
Exploits 0 | References 54

Prion
added 2007/02/13 11:28 p.m. | 19 views

Integer overflow

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and 1...

CVSS 7.5 | AI score 7.9 | EPSS 0.05444
Exploits 2 | References 54 | Affected Software 2

UbuntuCve
added 2007/02/13 11:28 p.m. | 29 views

CVE-2007-0906

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and 1...

CVSS 7.5 | AI score 6.4 | EPSS 0.02166
Exploits 0 | References 2

CVE
added 2007/02/13 11:0 p.m. | 105 views

CVE-2007-0906

CVE-2007-0906: Several buffer overflows in PHP before 5.2.1 allow denial of service and possibly arbitrary code execution via vectors in the session, zip, imap, and sqlite extensions; stream filters; and in functions such as str_replace, mail, ibase_delete_user, ibase_add_user, and ibase_modify_u...

CVSS 7.5 | AI score 8 | EPSS 0.02166
Exploits 0 | References 54 | Affected Software 1

Cvelist
added 2007/02/13 11:0 p.m. | 21 views

CVE-2007-0906

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and 1...

AI score 8 | EPSS 0.02166
Exploits 0 | References 54

Exploit DB
added 2006/12/26 12:0 a.m. | 29 views

PHP-Update 2.7 - Multiple Vulnerabilities

= 4.1 allowing subs / if $argc 126 $result.=" ."; else $result.=" ".$string$i; if...

AI score 7.4
Exploits 0