Hardened PHP Project Security Advisory - Multiple browsers suffers from a cross domain charset inheritance vulnerability. Affected include Firefox versions 2.0.0.1 and below, Internet Explorer 7,and Opera 9.
dcd8c435391d3c078ac9563c091bc0f6313cafd8de503cb88d02e58310efcc93Hardened PHP Project Security Advisory - WordPress versions 2.0.5 and below are susceptible to SQL injection and arbitrary PHP code execution vulnerabilities.
6ae242405ad8f267856415ba69fbe2d72b0564bc948f563c7faddf7468dc8a27Hardened PHP Project Security Advisory - WordPress versions 2.0.5 and below are susceptible to a cross site scripting vulnerability.
2e3cbc0dfeeffe8d32e3e64641b81da4f32b8024d0bbc6b54762599b015b0f9aHardened PHP Project Security Advisory - Dotdeb PHP versions below 5.2.0 revision 3 suffer from an email header injection vulnerability.
7aba22abbcde28fff1cae212fbfcccf3a83a9218f5ce24a5357f7b683d45e2bdHardened-PHP Project Security Advisory - PHP 5 versions 5.1.6 and below and PHP 4 versions 4.4.4 and below suffer from buffer overflows in htmlentities() and htmlspecialchars() which may allow for remote code execution.
dd4e3c70ff80ad927aae14623932b488a0e87be06018a88e926d95737511aa1dHardened-PHP Project Security Advisory - phpMyAdmin versions 2.9.0.2 and below suffer from a cross site scripting vulnerability in error.php.
1bae322ca8783399c8a21d7d7775c5260943a18a3e1112ed3866646ec425d742Hardened-PHP Project Security Advisory - The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function. Earlier vulnerabilities in PHP's unserialize() that were also discovered by one of our audits in December 2004 are unrelated to the newly discovered flaw, but they have shown, that the unserialize() function is exposed to user-input in many popular PHP applications. Examples for applications that use the content of COOKIE variables with unserialize() are phpBB and Serendipity. The successful exploitation of this integer overflow will result in arbitrary code execution. PHP versions below 4.3.0 and versions below or equal to 5.1.6 are affected.
ec8e254e359278ada7c7209a0ce800bd53ecd06b1fe162e057e7ae221c714a4cHardened-PHP Project Security Advisory - PHP's open_basedir feature is meant to disallow scripts to access files outside a set of configured base directories. The checks for this are placed within PHP functions dealing with files before the actual open call is performed. Obviously there is a little span of time between the check and the actual open call. During this time span the checked path could have been altered and point to a file that is forbidden to be accessed due to open_basedir restrictions. PHP versions 4 and 5 are affected by this.
30b69580586034b39009158f223a863097c8ed27da275370e8a21b78400ad543Hardened-PHP Project Security Advisory - DokuWiki comes with an AJAX spellchecking service that can be called by every visiting client without the need of authorization. Unfortunately, the spellchecking service used the /e modifier of preg_replace() to handle links that are embedded in the text to translate in an unsafe way, allowing for arbitrary code execution.
36f2eef55480c038e6f244e40684af192918fc3124d276f94581c4096cc9cb92KisMAC versions below 73p and development versions below 113 suffer from a stack overflow when handling specially crafted 802.11 management frames.
a6f4fdecd7231d6ebfdad685575d72676300a2933903cc1aa6d21407c8be0a02Hardened-PHP Project Security Advisory - PHP5 comes with the new mysqli extension, which recently got a new error reporting feature using exceptions. When an exception for such an error is thrown the error message is used as format string. Depending on the situation and configuration, f.e. a malicious MySQL server or an erroneous SQL query (f.e. through SQL injection) can result in PHP reporting a (partly) user supplied error message, which can result in triggering the format string vulnerability, which can lead to remote code execution. Versions 5.1 through 5.1.1 are affected. PHP4 is not affected.
18ec3642ab2d62fd5a42bd5d1437d23a8fe3f61f1cff06e814d6b1aa5c3b93adHardened-PHP Project Security Advisory - Since PHP5 a user supplied session ID is sent back to the user within a Set-Cookie HTTP header. Because there were no checks performed on the validity of this session id, it was possible to inject arbitrary HTTP headers into the response body of applications using PHP's builtin session functionality by supplying a special crafted session id. Versions 5.1.1 and below are affected. PHP4 is not affected.
4971bbe2e06b48a7908ab9d7d47baf826e68790f86a6405adda7b5e886c9d6e9Hardened-PHP Project Security Advisory - TinyMCE Compressor versions 1.0.5 and below suffer from an unchecked user input vulnerability that can allow for cross site scripting and disclosure of arbitrary files.
5ba9a1a6b5a7b435020260334850fe74a866e04070aad02a7a81f636e1114fd9Multiple cross site scripting, authentication bypass, SQL injection, file inclusion, and password hash disclosure flaws exist in vTiger versions 4.2 and below. Various details disclosed.
5cebea0b280288ffbeb4e2854a40c056858c7c6bd6909cddb3b0988a9a8c0f45phpSysInfo versions 2.4 and below suffer from cross site scripting, HTTP response splitting, and arbitrary file inclusion flaws.
0e06964507a7ccca53a11efcf06c1e94edfb9afdc2311b04881c95bf3b588fcdPHPKIT versions 1.6.1 R2 and below suffer from cross site scripting, SQL injection, information disclosure, password hash disclosure, local file disclosure, and arbitrary code execution flaws. Various sample exploitation details provided.
a91e4d42b773ee597b5ea0162d7a64232a6a053f5d7b8e1af72709197633e2f8During the development of the Hardening-Patch which adds security hardening features to the PHP codebase, several vulnerabilities within PHP were discovered. This advisory describes one of these flaws concerning a weakness in the file upload code, that allows overwriting the GLOBALS array when register_globals is turned on. Overwriting this array can lead to unexpected security holes in code assumed secure. This vulnerability can allow for remote PHP code execution. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.
f8dc972de9ab9723e24e079bb1aa1db52acccf6b34d75a662360600fa9ba97a0During the development of the Hardening-Patch which adds security hardening features to the PHP codebase, several vulnerabilities within PHP were discovered. This advisory describes one of these flaws concerning a weakness in the implementation of the parse_str() function. Under certain conditions triggering the memory_limit request shutdown during a parse_str() call will result in the core of PHP believing that the register_globals directive is turned on (for the rest of the lifetime of the involved webserver process). This may allow an attacker to exploit security flaws in PHP applications that exist due to uninitialized global variables. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.
10f101097fd39138422e2a7874bdb94d072b4fbdce038e8405003d6abe5001f5A weakness in PHP's phpinfo() function allows for cross site scripting attacks. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.
36fa6835dbeb10584c5e0f7fa40b5dfc12ef31a054c790a4bd79c93d91e4cddbphpBB versions 2.0.17 and below are susceptible to multiple cross site scripting and SQL injection flaws.
b87a7fdac987ea5f043c9ea4c2452f356b8ee2127f77b05d8e0b347a4f218b3eA vulnerability in the PHP XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.1.1 and below are affected.
19d40733455dcea434023fe40242a8416ebdce81f0b0db82c65eaaf8dc985605A vulnerability in the PEAR XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.3.3 and below are affected.
69e67d5d0d2809ee1dd8aab9cb442c8038040d14db81b9435a92088852571ec9UseBB versions 0.5.1 and below suffer from multiple SQL injection and cross site scripting vulnerabilities.
4d2114be500f23ebf091fb17d172b512c79677234c01f8a698f2554cef0dfe06Hardened-PHP Project Security Advisory - Cross site scripting, password hash disclosure, SQL injection, and information disclosure vulnerabilities exist in Contrexx versions below 1.0.5.
985524575ae9eb12bcd0909c15c66b452b539eef3a58d55153bc284f126f0949
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed