EUVD-2007-3982

Malware in sbrugna...

Internet Bug Bounty: memory corruption in wordwrap function

Please check: https://bugs.php.net/bug.php?id=73017...

PHP 5.1.x < 5.1.5 Multiple Vulnerabilities

According to its banner, the version of PHP 5.x installed on the remote host is older than 5.1.5. Such versions may be affected by the following vulnerabilities : - The c-client library 2000, 2001, or 2004 for PHP does not check the safemode or openbasedir functions. CVE-2006-1017 - A buffer...

SuSE9 Security Update : PHP4 (YOU Patch Number 12049)

This update fixes multiple bugs in php : - several problems in pcre CVE-2007-1660, CVE-2006-7225, CVE-2006-7224, CVE-2006-7226 CVE-2007-1659, CVE-2006-7230 - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars. CVE-2007-5898 - overly long arguments to the dl function could...

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4810)

This update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities CVE-2007-1659, CVE-2006-7230, CVE-2007-1660, CVE-2006-7227 CVE-2005-4872, CVE-2006-7228 - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars CVE-2007-5898 - overly long...

Debian DSA-1444-2 : php5 - several vulnerabilities

It was discovered that the patch for CVE-2007-4659 could lead to regressions in some scenarios. The fix has been reverted for now, a revised update will be provided in a future PHP DSA. For reference the original advisory below : Several remote vulnerabilities have been discovered in PHP, a...

Moderate: Red Hat Security Advisory: php security update

Updated PHP packages that fix several security issues are now available for Red Hat Application Stack. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The...

php security update

CentOS Errata and Security Advisory CESA-2007:0889 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting languag...

CentOS 4 / 5 : php (CESA-2007:0890)

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

CVE-2007-3998

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service divide-by-zero error and application crash, or infinite loop via certain arguments, as demonstrated by a 'chr0, 0, ""'...

CVE-2007-3998

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service divide-by-zero error and application crash, or infinite loop via certain arguments, as demonstrated by a 'chr0, 0, ""'...

PHP多个安全漏洞.

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP中存在多个安全漏洞，具体如下： 1 fileexists、imapopen和imapreopen函数中缺少safemode和openbasedir验证； 2 在64位系统上strrepeat和wordwrap函数存在边界错误； 3 可通过cURL扩展和realpath缓存绕过openbasedir和safemode保护机制； 4 GD扩展处理畸形GIF图形时存在边界条件错误； 5 stripos函数中的错误可能导致界外内存读取； 6 64位系统上存在错误的memorylimit限制。...

Moderate: Red Hat Security Advisory: php security update

Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server....

USN-320-1: PHP vulnerabilities

The phpinfo PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo. Please note that it is not recommended to publicly expose phpinfo. CVE-2006-0996 An...

Buffer overflow in PHP &quot;wordwrap&quot; function

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There is a buffer overflow in PHP's built-in "wordwrap" function for PHP versions greater than 4.1.2 and less than 4.3.0. Please see http://bugs.php.net/bug.php?id=20927 for details. If you use the wordwrap function on user-supplied input, a...

PHP buffer overflow

Buffer overflow in wordwrap function...