
12 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2010-3848

Malware in sbrugna...

6.8 CVSS, 6.3 AI score, 0.00619 EPSS
Exploits 1, References 41

SUSE CVE
added 2023/02/15 5:56 a.m., 2 views

SUSE CVE-2010-3870

The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string...

6.8 CVSS, 6.9 AI score, 0.00619 EPSS
Exploits 1, References 6

Veracode
added 2020/04/10 12:53 a.m., 31 views

Cross-site Scripting (XSS)

php is vulnerable to cross-site scripting (XSS). The vulnerability exists as a numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escape...

6.8 CVSS, 1.1 AI score, 0.03454 EPSS
Exploits 1, References 17, Affected Software 1

Tenable Nessus
added 2011/05/05 12:0 a.m., 31 views

openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:1012-1)

Insufficient handling of certain character sequences in the utf8_decode function could be leveraged to conduct cross-site-scripting (XSS) attacks (CVE-2010-3870). php5 could also consume large amounts of memory and crash if a long mail address was passed to filter_var with parameter FILTER_VALIDATE_EMAIL...

6.8 CVSS, 7.5 AI score, 0.0278 EPSS
Exploits 2, References 4

seebug.org
added 2011/04/28 12:0 a.m., 6 views

PHP <5.3.4 utf8_decode function input validation vulnerability

No description provided by source...

7.1 AI score
Exploits 0

Cent OS
added 2010/11/30 12:21 p.m., 117 views

php security update

CentOS Errata and Security Advisory CESA-2010:0919 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...

6.8 CVSS, 7.2 AI score, 0.07996 EPSS
Exploits 7, References 8

NVD
added 2010/11/12 9:0 p.m., 19 views

CVE-2010-3870

The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string...

6.8 CVSS, 9 AI score, 0.00619 EPSS
Exploits 1, References 33

Prion
added 2010/11/12 9:0 p.m., 21 views

Cross site scripting

The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string...

6.8 CVSS, 6.9 AI score, 0.00619 EPSS
Exploits 1, References 33, Affected Software 2

CVE
added 2010/11/12 8:0 p.m., 137 views

CVE-2010-3870

The CVE-2010-3870 issue affects PHP before 5.3.4, where utf8_decode mishandles non-shortest form UTF-8 and ill-formed subsequences. This can let remote attackers bypass XSS and SQL injection protection via crafted input. Affected: PHP prior to 5.3.4 (exact product/version details stated in CVE de...

6.8 CVSS, 6.9 AI score, 0.00619 EPSS
Exploits 1, References 33, Affected Software 1

Cvelist
added 2010/11/12 8:0 p.m., 30 views

CVE-2010-3870

The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string...

7.8 AI score, 0.00619 EPSS
Exploits 1, References 33

UbuntuCve
added 2010/11/12 12:0 a.m., 25 views

CVE-2010-3870

The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string...

6.8 CVSS, 6.7 AI score, 0.00619 EPSS
Exploits 1, References 2

Tenable Nessus
added 2010/07/30 12:0 a.m., 13 views

MDVA-2009:193 : php

This is a bugfix and maintenance release for php that upgrades php to 5.3.1RC3 and fixes some bugs: - fix 54993 - With latest php-5.3.xx, it's not needed to build a separate binary for FastCGI SAPI support, this is always enabled in the php-cgi binary. This obsoletes the php-fcgi package and also...

6.8 AI score
Exploits 0, References 1