HP Security Bulletin HPSBMU02786 SSRT100877 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux, Windows, and VMware ESX. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 2 of this advisory.
80f8158182e481b6569a26d38a63761b
HP Security Bulletin HPSBUX02791 SSRT100856 2 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server running PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, elevate privileges, or create a Denial of Service (DoS). PHP is contained in the HP-UX Apache Web Server Suite. Revision 2 of this advisory.
84d824e5b8014f228911171ae7c784a3
HP Security Bulletin HPSBMU02786 SSRT100877 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 1 of this advisory.
31d29fe7aaae474acd1185e3d5e9e226
Red Hat Security Advisory 2012-1046-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
1cfbb7a7853f24a6af516dd457d79105
Red Hat Security Advisory 2012-1045-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
44a2a2166372550073793055ce019749
Red Hat Security Advisory 2012-1047-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
fd52a465cdd2ce15e3d251c23c619b89
HP Security Bulletin HPSBUX02791 SSRT100856 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server running PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, elevate privileges, or create a Denial of Service (DoS). PHP is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.
fad626e07cd3d3ff9ea78ea3818096f8
Debian Linux Security Advisory 2408-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.
30572e2d3b9b0da8c4758495a306b3fe
Ubuntu Security Notice 1358-2 - USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get() function. Various other issues were also addressed.
afb798bff046c3e88238eb395ad62b28
Ubuntu Security Notice 1358-1 - It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. ATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a "max_input_vars" directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information. Various other issues were also addressed.
283098275d1a7663b375247bc413b584
PHP version 5.3.8 suffers from multiple NULL pointer dereference vulnerabilities.
bf292105d03f6ab7cae2bdbb9f964464