2 matches found
CVE-2006-3016
CVE-2006-3016 is a PHP vulnerability in the session handling code (session.c) that could allow a remote attacker to trigger a cross-site scripting or HTTP response splitting attack by supplying a crafted session identifier. The issue is associated with using non-alphanumeric session names and is ...
CVE-2006-3018
CVE-2006-3018 affects PHP before 5.1.3, with unknown impact and heap-corruption in the session extension. Affected product: PHP 5.1.x prior to 5.1.3. Public details describe an unspecified vulnerability in session handling, but exploitation vectors/impact are not fully disclosed in the provided d...