Hardened PHP Project Security Advisory - Multiple browsers suffers from a cross domain charset inheritance vulnerability. Affected include Firefox versions 2.0.0.1 and below, Internet Explorer 7,and Opera 9.
dcd8c435391d3c078ac9563c091bc0f6313cafd8de503cb88d02e58310efcc93
Hardened PHP Project Security Advisory - WordPress versions 2.0.5 and below are susceptible to SQL injection and arbitrary PHP code execution vulnerabilities.
6ae242405ad8f267856415ba69fbe2d72b0564bc948f563c7faddf7468dc8a27
Hardened PHP Project Security Advisory - WordPress versions 2.0.5 and below are susceptible to a cross site scripting vulnerability.
2e3cbc0dfeeffe8d32e3e64641b81da4f32b8024d0bbc6b54762599b015b0f9a
Hardened PHP Project Security Advisory - Dotdeb PHP versions below 5.2.0 revision 3 suffer from an email header injection vulnerability.
7aba22abbcde28fff1cae212fbfcccf3a83a9218f5ce24a5357f7b683d45e2bd
Hardened-PHP Project Security Advisory - PHP 5 versions 5.1.6 and below and PHP 4 versions 4.4.4 and below suffer from buffer overflows in htmlentities() and htmlspecialchars() which may allow for remote code execution.
dd4e3c70ff80ad927aae14623932b488a0e87be06018a88e926d95737511aa1d
Hardened-PHP Project Security Advisory - phpMyAdmin versions 2.9.0.2 and below suffer from a cross site scripting vulnerability in error.php.
1bae322ca8783399c8a21d7d7775c5260943a18a3e1112ed3866646ec425d742
Hardened-PHP Project Security Advisory - The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function. Earlier vulnerabilities in PHP's unserialize() that were also discovered by one of our audits in December 2004 are unrelated to the newly discovered flaw, but they have shown, that the unserialize() function is exposed to user-input in many popular PHP applications. Examples for applications that use the content of COOKIE variables with unserialize() are phpBB and Serendipity. The successful exploitation of this integer overflow will result in arbitrary code execution. PHP versions below 4.3.0 and versions below or equal to 5.1.6 are affected.
ec8e254e359278ada7c7209a0ce800bd53ecd06b1fe162e057e7ae221c714a4c
Hardened-PHP Project Security Advisory - PHP's open_basedir feature is meant to disallow scripts to access files outside a set of configured base directories. The checks for this are placed within PHP functions dealing with files before the actual open call is performed. Obviously there is a little span of time between the check and the actual open call. During this time span the checked path could have been altered and point to a file that is forbidden to be accessed due to open_basedir restrictions. PHP versions 4 and 5 are affected by this.
30b69580586034b39009158f223a863097c8ed27da275370e8a21b78400ad543
Hardened-PHP Project Security Advisory - DokuWiki comes with an AJAX spellchecking service that can be called by every visiting client without the need of authorization. Unfortunately, the spellchecking service used the /e modifier of preg_replace() to handle links that are embedded in the text to translate in an unsafe way, allowing for arbitrary code execution.
36f2eef55480c038e6f244e40684af192918fc3124d276f94581c4096cc9cb92
KisMAC versions below 73p and development versions below 113 suffer from a stack overflow when handling specially crafted 802.11 management frames.
a6f4fdecd7231d6ebfdad685575d72676300a2933903cc1aa6d21407c8be0a02
Hardened-PHP Project Security Advisory - PHP5 comes with the new mysqli extension, which recently got a new error reporting feature using exceptions. When an exception for such an error is thrown the error message is used as format string. Depending on the situation and configuration, f.e. a malicious MySQL server or an erroneous SQL query (f.e. through SQL injection) can result in PHP reporting a (partly) user supplied error message, which can result in triggering the format string vulnerability, which can lead to remote code execution. Versions 5.1 through 5.1.1 are affected. PHP4 is not affected.
18ec3642ab2d62fd5a42bd5d1437d23a8fe3f61f1cff06e814d6b1aa5c3b93ad
Hardened-PHP Project Security Advisory - Since PHP5 a user supplied session ID is sent back to the user within a Set-Cookie HTTP header. Because there were no checks performed on the validity of this session id, it was possible to inject arbitrary HTTP headers into the response body of applications using PHP's builtin session functionality by supplying a special crafted session id. Versions 5.1.1 and below are affected. PHP4 is not affected.
4971bbe2e06b48a7908ab9d7d47baf826e68790f86a6405adda7b5e886c9d6e9
Hardened-PHP Project Security Advisory - TinyMCE Compressor versions 1.0.5 and below suffer from an unchecked user input vulnerability that can allow for cross site scripting and disclosure of arbitrary files.
5ba9a1a6b5a7b435020260334850fe74a866e04070aad02a7a81f636e1114fd9
Multiple cross site scripting, authentication bypass, SQL injection, file inclusion, and password hash disclosure flaws exist in vTiger versions 4.2 and below. Various details disclosed.
5cebea0b280288ffbeb4e2854a40c056858c7c6bd6909cddb3b0988a9a8c0f45
phpSysInfo versions 2.4 and below suffer from cross site scripting, HTTP response splitting, and arbitrary file inclusion flaws.
0e06964507a7ccca53a11efcf06c1e94edfb9afdc2311b04881c95bf3b588fcd
PHPKIT versions 1.6.1 R2 and below suffer from cross site scripting, SQL injection, information disclosure, password hash disclosure, local file disclosure, and arbitrary code execution flaws. Various sample exploitation details provided.
a91e4d42b773ee597b5ea0162d7a64232a6a053f5d7b8e1af72709197633e2f8
During the development of the Hardening-Patch which adds security hardening features to the PHP codebase, several vulnerabilities within PHP were discovered. This advisory describes one of these flaws concerning a weakness in the file upload code, that allows overwriting the GLOBALS array when register_globals is turned on. Overwriting this array can lead to unexpected security holes in code assumed secure. This vulnerability can allow for remote PHP code execution. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.
f8dc972de9ab9723e24e079bb1aa1db52acccf6b34d75a662360600fa9ba97a0
During the development of the Hardening-Patch which adds security hardening features to the PHP codebase, several vulnerabilities within PHP were discovered. This advisory describes one of these flaws concerning a weakness in the implementation of the parse_str() function. Under certain conditions triggering the memory_limit request shutdown during a parse_str() call will result in the core of PHP believing that the register_globals directive is turned on (for the rest of the lifetime of the involved webserver process). This may allow an attacker to exploit security flaws in PHP applications that exist due to uninitialized global variables. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.
10f101097fd39138422e2a7874bdb94d072b4fbdce038e8405003d6abe5001f5
A weakness in PHP's phpinfo() function allows for cross site scripting attacks. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.
36fa6835dbeb10584c5e0f7fa40b5dfc12ef31a054c790a4bd79c93d91e4cddb
phpBB versions 2.0.17 and below are susceptible to multiple cross site scripting and SQL injection flaws.
b87a7fdac987ea5f043c9ea4c2452f356b8ee2127f77b05d8e0b347a4f218b3e
A vulnerability in the PHP XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.1.1 and below are affected.
19d40733455dcea434023fe40242a8416ebdce81f0b0db82c65eaaf8dc985605
A vulnerability in the PEAR XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.3.3 and below are affected.
69e67d5d0d2809ee1dd8aab9cb442c8038040d14db81b9435a92088852571ec9
UseBB versions 0.5.1 and below suffer from multiple SQL injection and cross site scripting vulnerabilities.
4d2114be500f23ebf091fb17d172b512c79677234c01f8a698f2554cef0dfe06
Hardened-PHP Project Security Advisory - Cross site scripting, password hash disclosure, SQL injection, and information disclosure vulnerabilities exist in Contrexx versions below 1.0.5.
985524575ae9eb12bcd0909c15c66b452b539eef3a58d55153bc284f126f0949