Hardened PHP Project Security Advisory - Dotdeb PHP versions below 5.2.0 revision 3 suffer from an email header injection vulnerability.
7aba22abbcde28fff1cae212fbfcccf3a83a9218f5ce24a5357f7b683d45e2bdHardened-PHP Project Security Advisory - PHP 5 versions 5.1.6 and below and PHP 4 versions 4.4.4 and below suffer from buffer overflows in htmlentities() and htmlspecialchars() which may allow for remote code execution.
dd4e3c70ff80ad927aae14623932b488a0e87be06018a88e926d95737511aa1dHardened-PHP Project Security Advisory - phpMyAdmin versions 2.9.0.2 and below suffer from a cross site scripting vulnerability in error.php.
1bae322ca8783399c8a21d7d7775c5260943a18a3e1112ed3866646ec425d742Hardened-PHP Project Security Advisory - The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function. Earlier vulnerabilities in PHP's unserialize() that were also discovered by one of our audits in December 2004 are unrelated to the newly discovered flaw, but they have shown, that the unserialize() function is exposed to user-input in many popular PHP applications. Examples for applications that use the content of COOKIE variables with unserialize() are phpBB and Serendipity. The successful exploitation of this integer overflow will result in arbitrary code execution. PHP versions below 4.3.0 and versions below or equal to 5.1.6 are affected.
ec8e254e359278ada7c7209a0ce800bd53ecd06b1fe162e057e7ae221c714a4cHardened-PHP Project Security Advisory - PHP's open_basedir feature is meant to disallow scripts to access files outside a set of configured base directories. The checks for this are placed within PHP functions dealing with files before the actual open call is performed. Obviously there is a little span of time between the check and the actual open call. During this time span the checked path could have been altered and point to a file that is forbidden to be accessed due to open_basedir restrictions. PHP versions 4 and 5 are affected by this.
30b69580586034b39009158f223a863097c8ed27da275370e8a21b78400ad543PHProjekt 5.1.1 suffers from a flaw that could allow attackers to include remote php files.
aa12a2eced2ce5f6ffbf950f407376aa21d5c08203dfc01de189419559e35eb0The Zend Platform versions 2.2.1 and below suffer from multiple vulnerabilities.
0719bf1fa509737c893eafff775c3b21608acd3ee922f69666634439f10bd5b7Hardened-PHP Project Security Advisory - DokuWiki comes with an AJAX spellchecking service that can be called by every visiting client without the need of authorization. Unfortunately, the spellchecking service used the /e modifier of preg_replace() to handle links that are embedded in the text to translate in an unsafe way, allowing for arbitrary code execution.
36f2eef55480c038e6f244e40684af192918fc3124d276f94581c4096cc9cb92KisMAC versions below 73p and development versions below 113 suffer from a stack overflow when handling specially crafted 802.11 management frames.
a6f4fdecd7231d6ebfdad685575d72676300a2933903cc1aa6d21407c8be0a02Hardened-PHP Project Security Advisory - PHP5 comes with the new mysqli extension, which recently got a new error reporting feature using exceptions. When an exception for such an error is thrown the error message is used as format string. Depending on the situation and configuration, f.e. a malicious MySQL server or an erroneous SQL query (f.e. through SQL injection) can result in PHP reporting a (partly) user supplied error message, which can result in triggering the format string vulnerability, which can lead to remote code execution. Versions 5.1 through 5.1.1 are affected. PHP4 is not affected.
18ec3642ab2d62fd5a42bd5d1437d23a8fe3f61f1cff06e814d6b1aa5c3b93adHardened-PHP Project Security Advisory - Since PHP5 a user supplied session ID is sent back to the user within a Set-Cookie HTTP header. Because there were no checks performed on the validity of this session id, it was possible to inject arbitrary HTTP headers into the response body of applications using PHP's builtin session functionality by supplying a special crafted session id. Versions 5.1.1 and below are affected. PHP4 is not affected.
4971bbe2e06b48a7908ab9d7d47baf826e68790f86a6405adda7b5e886c9d6e9Hardened-PHP Project Security Advisory - TinyMCE Compressor versions 1.0.5 and below suffer from an unchecked user input vulnerability that can allow for cross site scripting and disclosure of arbitrary files.
5ba9a1a6b5a7b435020260334850fe74a866e04070aad02a7a81f636e1114fd9Hardened-PHP Project Security Advisory - A quick audit of the variable overwrite protection that was redesigned for phpMyAdmin 2.7.0 revealed an easy to exploit flaw, that leads to total failure of the protection and therefore opens phpMyAdmin to a number of cross site scripting, local and remote file inclusion vulnerabilities.
ca28a2f1c10173da470818fb65d58d6fb8575353776199c4b7a672067438225bHardened-PHP Project Security Advisory - During a quick scan of the URL parsing code within libcurl, it was discovered, that certain malformed URLs trigger an off-by-one(two) buffer overflow. This may lead to unintended arbitrary code execution. Versions 7.15.0 and below are affected.
f3403ec96218c1351bad8de9b0d4762183c5b2ed2469234ad0cca93122636401Multiple cross site scripting, authentication bypass, SQL injection, file inclusion, and password hash disclosure flaws exist in vTiger versions 4.2 and below. Various details disclosed.
5cebea0b280288ffbeb4e2854a40c056858c7c6bd6909cddb3b0988a9a8c0f45During the development of the Hardening-Patch which adds security hardening features to the PHP codebase, several vulnerabilities within PHP were discovered. This advisory describes one of these flaws concerning a weakness in the file upload code, that allows overwriting the GLOBALS array when register_globals is turned on. Overwriting this array can lead to unexpected security holes in code assumed secure. This vulnerability can allow for remote PHP code execution. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.
f8dc972de9ab9723e24e079bb1aa1db52acccf6b34d75a662360600fa9ba97a0During the development of the Hardening-Patch which adds security hardening features to the PHP codebase, several vulnerabilities within PHP were discovered. This advisory describes one of these flaws concerning a weakness in the implementation of the parse_str() function. Under certain conditions triggering the memory_limit request shutdown during a parse_str() call will result in the core of PHP believing that the register_globals directive is turned on (for the rest of the lifetime of the involved webserver process). This may allow an attacker to exploit security flaws in PHP applications that exist due to uninitialized global variables. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.
10f101097fd39138422e2a7874bdb94d072b4fbdce038e8405003d6abe5001f5A weakness in PHP's phpinfo() function allows for cross site scripting attacks. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.
36fa6835dbeb10584c5e0f7fa40b5dfc12ef31a054c790a4bd79c93d91e4cddbphpBB versions 2.0.17 and below are susceptible to multiple cross site scripting and SQL injection flaws.
b87a7fdac987ea5f043c9ea4c2452f356b8ee2127f77b05d8e0b347a4f218b3eHardened-PHP Project Security Advisory - And audit of phpMyAdmin revealed a design flaw in the way phpMyAdmin includes it's register_globals compatibility layer, that allows inclusion of arbitrary local files, which usually leads to remote code execution.
07c39621998dfc6ec31c6e8cee28b68e1549bc5e4f8dd5cf117ed955de7ddbc5A vulnerability in the PHP XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.1.1 and below are affected.
19d40733455dcea434023fe40242a8416ebdce81f0b0db82c65eaaf8dc985605A vulnerability in the PEAR XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.3.3 and below are affected.
69e67d5d0d2809ee1dd8aab9cb442c8038040d14db81b9435a92088852571ec9UseBB versions 0.5.1 and below suffer from multiple SQL injection and cross site scripting vulnerabilities.
4d2114be500f23ebf091fb17d172b512c79677234c01f8a698f2554cef0dfe06Yawp/YaWiki versions 1.0.6 and below suffer from a remote URL include vulnerability.
a84f980bc610b65689b1c82b416b74a4353c6933a5905db5d83859b2d7ec3d28An uninitialized variable within PunBB can allow for SQL injection attacks. Versions 1.2.5 and below are affected.
eb81280e35ea34327585e1b7b5729bfc63d2a0f2e92532ceca5e39189c9408be
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed