35 matches found
EUVD-2006-1991
Malware in sbrugna...
SUSE CVE-2006-1991
The substrcompare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service memory access violation via an out-of-bounds offset argument...
Ubuntu: Security Advisory (USN-320-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-1919
Incorrect bounds calculations in substrcompare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...
CVE-2020-1919
Incorrect bounds calculations in substrcompare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...
Out-of-bounds
Incorrect bounds calculations in substrcompare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...
UBUNTU-CVE-2020-1919
Incorrect bounds calculations in substrcompare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...
CVE-2020-1919
Incorrect bounds calculations in substrcompare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...
CVE-2020-1919
Incorrect bounds calculations in substrcompare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...
CVE-2020-1919
CVE-2020-1919 affects HHVM: incorrect bounds calculations in substr_compare could cause an out-of-bounds read when the second string arg is longer than the first. Affected versions include all HHVM builds prior to 4.56.3, 4.57.0–4.80.1, 4.81.0–4.93.1, and 4.94.0–4.98.0. The connected documents pr...
PHP <= 5.2.1 substr_compare() Information Leak Exploit
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...
PHP <= 5.2.1 session_regenerate_id() Double Free Exploit
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...
PHP 5.2.2 Substr_Compare 函数存在整形溢出漏洞
No description provided by source...
Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-320-1)
The phpinfo PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo. Please note that it is not recommended to publicly expose phpinfo. CVE-2006-0996 An...
GLSA-200705-19 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200705-19 PHP: Multiple vulnerabilities Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs MOPB by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the G...
PHP 5 Substr_Count整数溢出漏洞
PHP是一款广泛使用的WEB开发脚本语言。 PHP 5包含的substrcompare函数存在整数溢出,远程攻击者可以利用漏洞获得PHP变量的敏感信息。 substrcompare函数对输入参数进行2次过滤检查: if offset 0 offset = s1len + offset; offset = offset 0 ? 0 : offset; if offset + len s1len phperrordocrefNULL TSRMLSCC, EWARNING, "The start position cannot exceed ..."; RETURNFALSE;...
FreeBSD : php -- multiple vulnerabilities (f5e52bf5-fc77-11db-8163-000e0c2e438a)
The PHP development team reports : Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7 : - Fixed CVE-2007-1001, GD wbmp used with invalid image size - Fixed asciiz byte truncation inside mail - Fixed a bug in mbparsestr that can be used to activate registerglobals - Fixed unallocated memor...
MOPB-substr.txt
?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...
MOPB-header.txt
?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...
PHP 4.4.6/5.2.1 - ext/gd Already Freed Resources Usage
?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...