Showing 1 - 7 of 7

CVE-2007-1583

Status Candidate

Overview

The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.

Related Files

Gentoo Linux Security Advisory 200705-19: Posted May 31, 2007; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200705-19 - Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the GD library and in the substr_compare() PHP 5 function. Ilia Alshanetsky also reported a buffer overflow in the make_http_soap_request() and in the user_filter_factory_create() functions, and Stanislav Malyshev discovered another buffer overflow in the bundled XMLRPC library. Additionally, the session_regenerate_id() and the array_user_key_compare() functions contain a double-free vulnerability. Finally, there exist implementation errors in the Zend engine, in the mb_parse_str(), the unserialize() and the mail() functions and other elements. Versions less than 5.2.2 are affected.; tags | advisory, overflow, php, vulnerability; systems | linux, gentoo; advisories | CVE-2007-1001, CVE-2007-1285, CVE-2007-1286, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1701, CVE-2007-1711, CVE-2007-1717, CVE-2007-1718, CVE-2007-1864, CVE-2007-1900, CVE-2007-2509, CVE-2007-2510, CVE-2007-2511; SHA-256 | 85b7223b6bfd70f54588716713c6a4f7ef1cdaf921d40a164c836fe16bbb3b6f; Download | Favorite | View

OpenPKG Security Advisory 2007.19: Posted May 31, 2007; Authored by OpenPKG Foundation | Site openpkg.com; OpenPKG Security Advisory - Multiple vulnerabilities in PHP versions 5.2.2 and below have been addressed.; tags | advisory, php, vulnerability; advisories | CVE-2007-1380, CVE-2007-1375, CVE-2007-1376, CVE-2007-1521, CVE-2007-1484, CVE-2007-1583, CVE-2007-1700, CVE-2007-1718, CVE-2007-1461, CVE-2007-1887, CVE-2007-1888, CVE-2007-1717, CVE-2007-1835, CVE-2007-1890, CVE-2007-1824; SHA-256 | de25ea5eaff6e286c1e16000b5dfce7c3dedab43e0b8b25a85fcd5852260b7f1; Download | Favorite | View

Debian Linux Security Advisory 1283-1: Posted May 3, 2007; Authored by Debian | Site debian.org; Debian Security Advisory 1283-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.; tags | advisory, remote, arbitrary, php, vulnerability; systems | linux, debian; advisories | CVE-2007-1286, CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1453, CVE-2007-1454, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1711, CVE-2007-1718, CVE-2007-1777, CVE-2007-1824, CVE-2007-1887, CVE-2007-1889, CVE-2007-1900; SHA-256 | c54d56268b90168aacfce8d14ed3df2d22e9234134cbe834f81eef7a9f542934; Download | Favorite | View

Ubuntu Security Notice 455-1: Posted May 3, 2007; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 455-1 - A slew of vulnerabilities for PHP5 have been patched.; tags | advisory, vulnerability; systems | linux, ubuntu; advisories | CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1718, CVE-2007-1824, CVE-2007-1887, CVE-2007-1888, CVE-2007-1900; SHA-256 | 9221520c5009cf2bb524114fcbffb5b8b2f37131a7f6950913a67f0b3757c552; Download | Favorite | View

Mandriva Linux Security Advisory 2007.090: Posted Apr 20, 2007; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - A slew of PHP vulnerabilities have been patched for 2007.0.; tags | advisory, php, vulnerability; systems | linux, mandriva; advisories | CVE-2007-1001, CVE-2007-1285, CVE-2007-1454, CVE-2007-1718, CVE-2007-1583; SHA-256 | 170fdf6f224bc714d6fc44d1ff2d7dccc2c0c3039c8c74302c1eb7ea38ee5a2a; Download | Favorite | View

Mandriva Linux Security Advisory 2007.089: Posted Apr 20, 2007; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - A slew of PHP vulnerabilities have been patched for 2007.0, Corporate 4.0.; tags | advisory, php, vulnerability; systems | linux, mandriva; advisories | CVE-2007-1001, CVE-2007-1285, CVE-2007-1718, CVE-2007-1583; SHA-256 | 794e22e3f5b0e6b63559a1daa2d1286af468ba2df6fc2bb1dfaed9e9b64a2822; Download | Favorite | View

Mandriva Linux Security Advisory 2007.088: Posted Apr 20, 2007; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - A slew of PHP vulnerabilities have been patched for Corporate 4.0.; tags | advisory, php, vulnerability; systems | linux, mandriva; advisories | CVE-2007-1001, CVE-2007-1285, CVE-2007-1286, CVE-2007-1711, CVE-2007-1718, CVE-2007-1583; SHA-256 | d4bca33f7631979dcc46c1dc4e70d4e380393821c54fca3f8163e1d813b7d91a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

CVE-2007-1583

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems