16 matches found

Tenable Nessus
added 2026/01/14 12:0 a.m. | 5 views

MiracleLinux 4 : php-5.3.3-3.AXS4.5 (AXSA:2012-30:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-30:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers...

7.5 CVSS | 9.1 AI score | 0.86573 EPSS
Exploits 41 | References 12
F5 Networks
added 2023/02/21 7:40 p.m. | 34 views

K15441: PHP vulnerability CVE-2011-1148

Security Advisory Description: Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments...

7.5 CVSS | 7.2 AI score | 0.02455 EPSS
Exploits 1 | Affected Software 17
SUSE CVE
added 2023/02/15 5:58 a.m. | 2 views

SUSE CVE-2010-2190

The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference...

5 CVSS | 6.7 AI score | 0.0056 EPSS
Exploits 1 | References 5
Veracode
added 2020/04/10 1:3 a.m. | 26 views

Arbitrary Code Execution

PHP is vulnerable to arbitrary code execution. The vulnerability exists as a use-after-free flaw was found in the PHP substr_replace function. If a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly,...

7.5 CVSS | 3.7 AI score | 0.02455 EPSS
Exploits 1 | References 17 | Affected Software 1
Hacker One
added 2016/09/13 5:15 a.m. | 17 views

Internet Bug Bounty: heap overflow in substr_replace

Please check: https://bugs.php.net/bug.php?id=72877...

6.9 AI score
Exploits 0
OpenVAS
added 2012/07/30 12:0 a.m. | 47 views

CentOS Update for php53 CESA-2011:1423 centos5 x86_64

Check for the Version of php53. OpenVAS Vulnerability Test: CentOS Update for php53 CESA-2011:1423 centos5 x86_64. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it unde...

7.5 CVSS | 8.2 AI score | 0.36532 EPSS
Exploits 24 | References 2
RedHat Linux
added 2012/01/18 6:38 p.m. | 2 views

php: use-after-free vulnerability in substr_replace()

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments...

7.5 CVSS | 5.9 AI score | 0.02455 EPSS
Exploits 1 | References 4
RedHat Linux
added 2011/11/02 10:15 p.m. | 66 views

Moderate: Red Hat Security Advisory: php53 and php security update

Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detail...

7.5 CVSS | 7.8 AI score | 0.36532 EPSS
Exploits 24 | References 11
Ubuntu
added 2011/04/29 7:28 p.m. | 107 views

USN-1126-1: PHP vulnerabilities

Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. (CVE-2011-0441) Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite...

7.5 CVSS | 8.5 AI score | 0.24454 EPSS
Exploits 41
seebug.org
added 2011/04/28 12:0 a.m. | 27 views

PHP 5.2.x, 5.3.x trim, ltrim, rtrim, substr_replace function information disclosure vulnerability

No description provided by source...

7.1 AI score
Exploits 0
seebug.org
added 2011/04/22 12:0 a.m. | 12 views

PHP <5.3.7 substr_replace() use-after-free denial-of-service vulnerability

No description provided by source...

7.1 AI score
Exploits 0
OpenVAS
added 2011/03/22 12:0 a.m. | 29 views

PHP < 5.3.7 Use After Free Vulnerability

PHP is prone to a use-after-free vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:php:php"; if(description)...

7.5 CVSS | 6.7 AI score | 0.02455 EPSS
Exploits 1 | References 3
NVD
added 2011/03/18 3:55 p.m. | 16 views

CVE-2011-1148

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments...

7.5 CVSS | 7.7 AI score | 0.02455 EPSS
Exploits 1 | References 14
Cvelist
added 2011/03/18 3:0 p.m. | 22 views

CVE-2011-1148

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments...

8.5 AI score | 0.02455 EPSS
Exploits 1 | References 14
seebug.org
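added 2011/03/18 12:0 a.m. | 58 views

PHP "substr_replace()" use-after-free remote memory corruption vulnerability

BUGTRAQ ID: 46843 CVE ID: CVE-2011-1148 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded into HTML. The implementation of PHP's "substr_replace" function contains a use-after-free remote memory corruption vulnerability; a remote attacker can exploit it to execute arbitrary code on the web server or cause a denial of service. The vulnerability arises because, when the same variable is passed to the "substr_replace" function multiple times, PHP makes three variables in the function use the same pointer, so when a type conversion in the function changes that pointer, it also invalidates the other variables. PHP PHP 5.3.x PHP PHP 5.2.x Vendor patch: PHP ---...

7.5 CVSS | 8.2 AI score | 0.02455 EPSS
Exploits 1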
CVE
added 2010/06/07 8:0 p.m. | 72 views

CVE-2010-2190

CVE-2010-2190 affects PHP 5.2.x (up to 5.2.13) and 5.3.x (up to 5.3.2). The vulnerability arises in the functions trim, ltrim, rtrim, and substr_replace, allowing a context-dependent attacker to obtain sensitive information (memory contents) by triggering an internal function interruption related...

5 CVSS | 9 AI score | 0.0056 EPSS
Exploits 1 | References 6 | Affected Software 1