10 matches found
php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used
The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset...
PHP 5.1.x < 5.1.5 Multiple Vulnerabilities
According to its banner, the version of PHP 5.x installed on the remote host is older than 5.1.5. Such versions may be affected by the following vulnerabilities: - The c-client library 2000, 2001, or 2004 for PHP does not check the safe_mode or open_basedir functions. (CVE-2006-1017) - A buffer...
Mandrake Linux Security Advisory : php (MDKSA-2006:162)
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481). Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allo...
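Multiple security vulnerabilities in PHP.
PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. PHP contains multiple security vulnerabilities, as follows: (1) safe_mode and open_basedir validation is missing in the file_exists, imap_open and imap_reopen functions; (2) the str_repeat and wordwrap functions have boundary errors on 64-bit systems; (3) the open_basedir and safe_mode protection mechanisms can be bypassed through the cURL extension and the realpath cache; (4) the GD extension has a boundary condition error when handling malformed GIF images; (5) an error in the stripos function may lead to an out-of-bounds memory read; (6) an incorrect memory_limit restriction exists on 64-bit systems...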
security flaw
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read...
[Full-disclosure] [ MDKSA-2006:162 ] - Updated php packages fix vulnerabilities
Mandriva Linux Security Advisory MDKSA-2006:162 http://www.mandriva.com/security/ Package: php Date: September 7, 2006 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0 Problem Description: The (1) file_exists and (2) imap_reopen functions in PH...
CVE-2006-4485
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read...
CVE-2006-4485
The CVE-2006-4485 issue is a concrete vulnerability in PHP 5.x up to versions before 5.1.5, where the stripos function may trigger an out-of-bounds read. Public references in OpenVAS/Ubuntu advisories confirm PHP 5.1.x
CVE-2006-4485
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read...
php -- multiple vulnerabilities
The PHP development team reports: Added missing safe_mode/open_basedir checks inside the error_log, file_exists, imap_open and imap_reopen functions. Fixed overflows inside str_repeat and wordwrap functions on 64bit systems. Fixed possible open_basedir/safe_mode bypass in cURL extension and with realpath...