This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-12 06:36:57 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
07f3fe15-a9de-11d9-a788-0001020eed82 | php -- readfile() DoS vulnerability A SUSE Security advisory reports: Discovery 2004-01-25 Entry 2005-04-10 mod_php4-twig php4-cgi php4-cli php4-dtc php4-horde php4-nms php4 < 4.3.5_7 mod_php mod_php4 < 4.3.5_7,1 12665 CVE-2005-0596 http://bugs.php.net/bug.php?id=27037 http://www.novell.com/linux/security/advisories/2005_06_sr.html |
562a3fdf-16d6-11d9-bc4a-000c41e2cdad | php -- vulnerability in RFC 1867 file upload processing Stefano Di Paola discovered an issue with PHP that could allow someone to upload a file to any directory writeable by the httpd process. Any sanitizing performed on the prepended directory path is ignored. This bug can only be triggered if the $_FILES element name contains an underscore. Discovery 2004-09-15 Entry 2004-09-15 Modified 2004-10-12 php4 php4-cgi le 4.3.8_2 mod_php4 le 4.3.8_2,1 php5 php5-cgi le 5.0.1 mod_php5 le 5.0.1,1 http://marc.theaimsgroup.com/?l=bugtraq&m=109534848430404 http://marc.theaimsgroup.com/?l=bugtraq&m=109648426331965 |
6821a2db-4ab7-11da-932d-00055d790c25 | PHP -- multiple vulnerabilities A Secunia Advisory reports: Discovery 2005-10-31 Entry 2005-11-01 mod_php4-twig php4-cgi php4-cli php4-dtc php4-horde php4-nms php4 < 4.4.1 mod_php mod_php4 ge 4 lt 4.4.1,1 http://secunia.com/advisories/17371/ |
7fcf1727-be71-11db-b2ec-000c6ec775d9 | php -- multiple vulnerabilities Multiple vulnerabilities have been found in PHP, including: buffer overflows, stack overflows, format string, and information disclosure vulnerabilities. The session extension contained Discovery 2007-02-09 Entry 2007-02-17 Modified 2013-04-01 php5-imap php5-odbc php5-session php5-shmop php5-sqlite php5-wddx php5 < 5.2.1_2 php4-odbc php4-session php4-shmop php4-wddx php4 < 4.4.5 mod_php4-twig mod_php4 mod_php5 mod_php php4-cgi php4-cli php4-dtc php4-horde php4-nms php5-cgi php5-cli php5-dtc php5-horde php5-nms ge 4 lt 4.4.5 ge 5 lt 5.2.1_2 CVE-2007-0905 CVE-2007-0906 CVE-2007-0907 CVE-2007-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988 http://secunia.com/advisories/24089/ http://www.php.net/releases/4_4_5.php http://www.php.net/releases/5_2_1.php |
ad74a1bd-16d2-11d9-bc4a-000c41e2cdad | php -- php_variables memory disclosure Stefano Di Paola reports: Discovery 2004-09-15 Entry 2004-10-05 mod_php4-twig php4-cgi php4-cli php4-dtc php4-horde php4-nms php4 le 4.3.8_2 mod_php mod_php4 ge 4 le 4.3.8_2,1 php5 php5-cgi php5-cli le 5.0.1 mod_php5 le 5.0.1,1 http://marc.theaimsgroup.com/?l=bugtraq&m=109527531130492 |
d47e9d19-5016-11d9-9b5f-0050569f0001 | php -- multiple vulnerabilities Secunia reports: Discovery 2004-12-16 Entry 2004-12-17 Modified 2004-12-18 mod_php4-twig php4-cgi php4-cli php4-dtc php4-horde php4-nms php4 < 4.3.10 mod_php mod_php4 ge 4 lt 4.3.10,1 php5 php5-cgi php5-cli < 5.0.3 mod_php5 < 5.0.3,1 http://secunia.com/advisories/13481/ CVE-2004-1019 CVE-2004-1065 http://www.php.net/release_4_3_10.php http://www.hardened-php.net/advisories/012004.txt |
dd7aa4f1-102f-11d9-8a8a-000c41e2cdad | php -- memory_limit related vulnerability Stefan Esser of e-matters discovered a condition within PHP that may lead to remote execution of arbitrary code. The memory_limit facility is used to notify functions when memory constraints have been met. Under certain conditions, the entry into this facility is able to interrupt functions such as zend_hash_init() at locations not suitable for interruption. The result would leave these functions in a vulnerable state. Discovery 2004-07-07 Entry 2004-09-27 Modified 2004-10-02 mod_php4-twig php4 php4-cgi php4-cli php4-dtc php4-horde php4-nms le 4.3.7_3 mod_php4 le 4.3.7_3,1 php5 php5-cgi php5-cli le 5.0.0.r3_2 mod_php5 le 5.0.0.r3_2,1 CVE-2004-0594 http://marc.theaimsgroup.com/?l=bugtraq&m=108981780109154 http://security.e-matters.de/advisories/112004.html 10725 |
ea09c5df-4362-11db-81e1-000e0c2e438a | php -- multiple vulnerabilities The PHP development team reports: Discovery 2006-08-18 Entry 2006-09-13 Modified 2014-03-28 php4 php5 < 4.4.4 ge 5 lt 5.1.5 php4-cli php5-cli php4-cgi php5-cgi php4-dtc php5-dtc php4-horde php5-horde php4-nms php5-nms mod_php4 mod_php5 < 4.4.4 ge 5 lt 5.1.5 CVE-2006-4481 CVE-2006-4482 CVE-2006-4483 CVE-2006-4484 CVE-2006-4485 CVE-2006-4486 http://www.php.net/release_4_4_4.php http://www.php.net/release_5_1_5.php |
edabe438-542f-11db-a5ae-00508d6a62df | php -- open_basedir Race Condition Vulnerability Stefan Esser reports: Discovery 2006-10-02 Entry 2006-10-05 Modified 2013-04-01 php4 php5 < 4.4.4_1 ge 5 lt 5.1.6_2 php-suhosin < 0.9.6 php4-cli php5-cli php4-cgi php5-cgi php4-dtc php5-dtc php4-horde php5-horde php4-nms php5-nms mod_php4 mod_php5 ge 4 lt 4.4.4_1 ge 5 lt 5.1.6_2 20326 CVE-2006-5178 http://www.hardened-php.net/advisory_082006.132.html http://secunia.com/advisories/22235/ |
edf61c61-0f07-11d9-8393-000103ccf9d6 | php -- strip_tags cross-site scripting vulnerability Stefan Esser of e-matters discovered that PHP's strip_tags() function would ignore certain characters during parsing of tags, allowing these tags to pass through. Select browsers could then parse these tags, possibly allowing cross-site scripting attacks. Discovery 2004-07-07 Entry 2004-09-27 Modified 2013-06-19 mod_php4-twig php4 php4-cgi php4-cli php4-dtc php4-horde php4-nms le 4.3.7_3 mod_php4 le 4.3.7_3,1 php5 php5-cgi php5-cli le 5.0.0.r3_2 mod_php5 le 5.0.0.r3_2,1 CVE-2004-0595 http://marc.theaimsgroup.com/?l=bugtraq&m=108981589117423 http://security.e-matters.de/advisories/122004.html 10724 |
f5e52bf5-fc77-11db-8163-000e0c2e438a | php -- multiple vulnerabilities The PHP development team reports: Discovery 2007-05-03 Entry 2007-05-07 Modified 2014-04-01 php5-imap php5-odbc php5-session php5-shmop php5-sqlite php5-wddx php5 < 5.2.2 php4-odbc php4-session php4-shmop php4-wddx php4 < 4.4.7 mod_php4-twig mod_php4 mod_php5 mod_php php4-cgi php4-cli php4-dtc php4-horde php4-nms php5-cgi php5-cli php5-dtc php5-horde php5-nms ge 4 lt 4.4.7 ge 5 lt 5.2.2 CVE-2007-1001 http://www.php.net/releases/4_4_7.php http://www.php.net/releases/5_2_2.php |