14 matches found

SUSE CVE
added 2023/02/15 6:12 a.m., 2 views

SUSE CVE-2007-1396

The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address a...

CVSS 6.8, AI score 7, EPSS 0.01958
Exploits: 0, References: 4
FreeBSD
added 2016/07/01 12:0 a.m., 13 views

atutor -- multiple vulnerabilities

ATutor reports: Security Fixes: Added a new layer of security over all php superglobals, fixed several XSS, CSRF, and SQL injection vulnerabilities...

AI score 1.6
Exploits: 0, References: 1
RedhatCVE
added 2015/10/30 10:30 a.m., 18 views

CVE-2007-1396

The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address a...

CVSS 6.8, AI score 7.5, EPSS 0.01958
Exploits: 0, References: 2
OSV
added 2011/08/01 7:55 p.m., 1 views

DEBIAN-CVE-2011-2719

libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain...

CVSS 6.4, AI score 6.7, EPSS 0.01944
Exploits: 0, References: 1
Tenable Nessus
added 2011/07/28 12:0 a.m., 12 views

phpMyAdmin 3.3.x < 3.3.10.3 / 3.4.x < 3.4.3.2 Multiple Vulnerabilities

CVSS 6.8, AI score 7.3, EPSS 0.00667
Exploits: 0, References: 7
Exploit DB
added 2009/01/29 12:0 a.m., 90 views

Coppermine Photo Gallery 1.4.19 - Remote File Upload

Written By Michael Brooks. Special thanks to str0ke! Coppermine Photo gallery - Remote PHP File Upload. Affects: v1.4.19. Homepage: http://coppermine-gallery.net/ 5,239,057 downloads from sf.net! For this attack we need register_globals=on. The problem is that the anti-register_globals security can b...

AI score 7.4
Exploits: 0
Prion
added 2007/04/12 12:19 a.m., 8 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfigrootpath parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application'...

CVSS 7.5, AI score 7.8, EPSS 0.01507
Exploits: 0, References: 6, Affected Software: 1
Prion
added 2007/03/10 10:19 p.m., 12 views

Design/Logic Flaw

The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address a...

CVSS 6.8, AI score 6.8, EPSS 0.01958
Exploits: 0, References: 10, Affected Software: 1
NVD
added 2007/03/10 10:19 p.m., 15 views

CVE-2007-1396

The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address a...

CVSS 6.8, AI score 7.6, EPSS 0.01958
Exploits: 0, References: 10
Cvelist
added 2007/03/10 10:0 p.m., 22 views

CVE-2007-1396

The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address a...

AI score 7.6, EPSS 0.01958
Exploits: 0, References: 10
CVE
added 2007/03/10 10:0 p.m., 71 views

CVE-2007-1396

The CVE-2007-1396 entry describes a vulnerability in PHP where import_request_variables (PHP 4.0.7–4.4.6 and 5.x before 5.2.2) can overwrite superglobals (GET, POST, COOKIE, FILES, SERVER, SESSION, etc.) when called without a prefix, enabling remote attackers to spoof source IP and Referer data a...

CVSS 6.8, AI score 7.5, EPSS 0.01958
Exploits: 0, References: 10, Affected Software: 1
Cvelist
added 2006/09/11 4:0 p.m., 13 views

CVE-2006-4673

Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php...

AI score 7.6, EPSS 0.006
Exploits: 1, References: 7
CVE
added 2006/09/11 4:0 p.m., 49 views

CVE-2006-4673

The CVE-2006-4673 entry concerns PHP-Fusion 6.01.4 and earlier, where maincore.php applies extract() to superglobals. This enables a global-variable overwriting flaw that can lead to SQL injection via the _SERVER[REMOTE_ADDR] parameter to news.php. The vulnerability arises from unrestricted varia...

CVSS 2.6, AI score 7.6, EPSS 0.006
Exploits: 1, References: 7, Affected Software: 1
Tenable Nessus
added 2005/11/01 12:0 a.m., 127 views

PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is older than 4.4.1 or 5.0.6. Such versions fail to protect the '$GLOBALS' superglobals variable from being overwritten due to weaknesses in the file upload handling code as well as the 'extract' and 'import_request_variables'...

CVSS 7.5, AI score 7.3, EPSS 0.65188
Exploits: 0, References: 9