EUVD-2013-1666

Malware in sbrugna...

K14432: PHP SOAP wdsl cache file vulnerability CVE-2013-1635

Security Advisory Description PHP does not validate the configuration directive soap.wsdlcachedir before writing SOAP wsdl cache files to the filesystem. Impact An attacker is able to write remote wsdl files to arbitrary locations on an affected system. Security Advisory Status To determine if yo...

FreeBSD : php5 -- Multiple vulnerabilities (1d23109a-9005-11e2-9602-d43d7e0c7c02)

The PHP development team reports : PHP does not validate the relationship between the soap.wsdlcachedir directive and the openbasedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. The...

Debian Security Advisory DSA 2639-1 (php5 - several vulnerabilities)

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-1635 If a PHP application accepted untrusted SOAP object input remotely from clients, an attacker could read system files...

Mandriva Linux Security Advisory : php (MDVSA-2013:016)

Multiple vulnerabilities has been discovered and corrected in php : PHP does not validate the configration directive soap.wsdlcachedir before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations CVE-2013-1635. PHP allows the u...