VuXML ID | Description |
5a1d5d74-29a0-11e5-86ff-14dae9d210b8 | php -- arbitrary code execution
cmb reports:
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similar to %ENV%, and the
value of the environment variable ENV will be subsituted.
Discovery 2015-06-07 Entry 2015-07-13 php56
< 5.6.11
php55
< 5.5.27
php5
< 5.4.43
https://bugs.php.net/bug.php?id=69768
|
787ef75e-44da-11e5-93ad-002590263bf5 | php5 -- multiple vulnerabilities
The PHP project reports:
Core:
- Fixed bug #69793 (Remotely triggerable stack exhaustion via
recursive method calls).
- Fixed bug #70121 (unserialize() could lead to unexpected methods
execution / NULL pointer deref).
OpenSSL:
- Fixed bug #70014 (openssl_random_pseudo_bytes() is not
cryptographically secure).
Phar:
- Improved fix for bug #69441.
- Fixed bug #70019 (Files extracted from archive may be placed
outside of destination directory).
SOAP:
- Fixed bug #70081 (SoapClient info leak / null pointer
dereference via multiple type confusions).
SPL:
- Fixed bug #70068 (Dangling pointer in the unserialization of
ArrayObject items).
- Fixed bug #70166 (Use After Free Vulnerability in unserialize()
with SPLArrayObject).
- Fixed bug #70168 (Use After Free Vulnerability in unserialize()
with SplObjectStorage).
- Fixed bug #70169 (Use After Free Vulnerability in unserialize()
with SplDoublyLinkedList).
Discovery 2015-08-06 Entry 2015-08-17 Modified 2015-09-08 php5
php5-openssl
php5-phar
php5-soap
< 5.4.44
php55
php55-openssl
php55-phar
php55-soap
< 5.5.28
php56
php56-openssl
php56-phar
php56-soap
< 5.6.12
http://php.net/ChangeLog-5.php#5.4.44
http://php.net/ChangeLog-5.php#5.5.28
http://php.net/ChangeLog-5.php#5.6.12
CVE-2015-6831
CVE-2015-6832
CVE-2015-6833
|
27d01223-c457-11dd-a721-0030843d3802 | php -- multiple vulnerabilities
Secunia reports:
Some vulnerabilities have been reported in PHP, where some have an
unknown impact and others can potentially be exploited by malicious
people to cause a DoS (Denial of Service) or compromise a vulnerable
system.
An input validation error exists within the
"ZipArchive::extractTo()" function when extracting ZIP archives.
This can be exploited to extract files to arbitrary locations
outside the specified directory via directory traversal sequences in
a specially crafted ZIP archive.
An error in the included PCRE library can be exploited to cause a
buffer overflow.
The problem is that the "BG(page_uid)" and "BG(page_gid)" variables
are not initialized. No further information is currently
available.
The problem is that the "php_value" order is incorrect for Apache
configurations. No further information is currently available.
An error in the GD library can be exploited to cause a crash via a
specially crafted font file.
Discovery 2008-12-04 Entry 2008-12-07 php5
< 5.2.7
CVE-2008-2371
CVE-2008-2829
CVE-2008-3658
CVE-2008-3659
CVE-2008-3660
http://www.php.net/ChangeLog-5.php#5.2.7
http://www.sektioneins.de/advisories/SE-2008-06.txt
http://secunia.com/advisories/30916/
http://secunia.com/advisories/31409/
http://secunia.com/advisories/32964/
|
9b2a5e88-02b8-11e2-92d1-000d601460a4 | php5 -- Denial of Service in php_date_parse_tzfile()
MITRE CVE team reports:
Memory leak in the timezone functionality in PHP before 5.3.9
allows remote attackers to cause a denial of service (memory
consumption) by triggering many strtotime function calls, which are
not properly handled by the php_date_parse_tzfile cache.
Discovery 2010-12-08 Entry 2012-09-19 php5
ge 5.2 lt 5.2.17_11
ge 5.3 lt 5.3.9
php52
< 5.2.17_11
php53
< 5.3.9
CVE-2012-0789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0789
https://bugs.php.net/bug.php?id=53502
|
392b5b1d-9471-11dc-9db7-001c2514716c | php -- multiple security vulnerabilities
PHP project reports:
Security Enhancements and Fixes in PHP 5.2.5:
- Fixed dl() to only accept filenames. Reported by Laurent
Gaffie.
- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
Reported by Laurent Gaffie.
- Fixed htmlentities/htmlspecialchars not to accept partial
multibyte sequences. Reported by Rasmus Lerdorf
- Fixed possible triggering of buffer overflows inside glibc
implementations of the fnmatch(), setlocale() and glob()
functions. Reported by Laurent Gaffie.
- Fixed "mail.force_extra_parameters" php.ini directive not to be
modifiable in .htaccess due to the security implications. Reported
by SecurityReason.
- Fixed bug #42869 (automatic session id insertion adds sessions
id to non-local forms).
- Fixed bug #41561 (Values set with php_admin_* in httpd.conf can
be overwritten with ini_set()).
Discovery 2007-11-08 Entry 2007-11-16 php5
< 5.2.5
26403
CVE-2007-4887
|
2cde1892-913e-11e1-b44c-001fd0af1a4c | php -- multiple vulnerabilities
php development team reports:
Security Enhancements for both PHP 5.3.11 and PHP 5.4.1:
- Insufficient validating of upload name leading to corrupted $_FILES indices. (CVE-2012-1172)
- Add open_basedir checks to readline_write_history and readline_read_history.
Security Enhancements for both PHP 5.3.11 only:
- Regression in magic_quotes_gpc fix for CVE-2012-0831.
Discovery 2012-03-01 Entry 2012-04-28 Modified 2012-05-04 php53
< 5.3.11
php5
< 5.3.11
CVE-2012-0831
CVE-2012-1172
http://www.php.net/archive/2012.php#id2012-04-26-1
|
3d675519-5654-11e5-9ad8-14dae9d210b8 | php -- multiple vulnerabilities
PHP reports:
- Core:
- Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
- Fixed bug #70219 (Use after free vulnerability in session deserializer).
- EXIF:
- Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
- hash:
- Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
- PCRE:
- Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
- SOAP:
- Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
- SPL:
- Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
- Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
- XSLT:
- Fixed bug #69782 (NULL pointer dereference).
- ZIP:
- Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).
Discovery 2015-09-03 Entry 2015-09-08 Modified 2015-09-08 php5
php5-soap
php5-xsl
< 5.4.45
php55
php55-soap
php55-xsl
< 5.5.29
php56
php56-soap
php56-xsl
< 5.6.13
http://php.net/ChangeLog-5.php#5.4.45
http://php.net/ChangeLog-5.php#5.5.29
http://php.net/ChangeLog-5.php#5.6.13
CVE-2015-6834
CVE-2015-6835
CVE-2015-6836
CVE-2015-6837
CVE-2015-6838
|
71d903fc-602d-11dc-898c-001921ab2fa4 | php -- multiple vulnerabilities
The PHP development team reports:
Security Enhancements and Fixes in PHP 5.2.4:
- Fixed a floating point exception inside wordwrap() (Reported
by Mattias Bengtsson)
- Fixed several integer overflows inside the GD extension
(Reported by Mattias Bengtsson)
- Fixed size calculation in chunk_split() (Reported by Gerhard
Wagner)
- Fixed integer overflow in str[c]spn(). (Reported by Mattias
Bengtsson)
- Fixed money_format() not to accept multiple %i or %n tokens.
(Reported by Stanislav Malyshev)
- Fixed zend_alter_ini_entry() memory_limit interruption
vulnerability. (Reported by Stefan Esser)
- Fixed INFILE LOCAL option handling with MySQL extensions not
to be allowed when open_basedir or safe_mode is active. (Reported
by Mattias Bengtsson)
- Fixed session.save_path and error_log values to be checked
against open_basedir and safe_mode (CVE-2007-3378) (Reported by
Maksymilian Arciemowicz)
- Fixed a possible invalid read in glob() win32 implementation
(CVE-2007-3806) (Reported by shinnai)
- Fixed a possible buffer overflow in php_openssl_make_REQ
(Reported by zatanzlatan at hotbrev dot com)
- Fixed an open_basedir bypass inside glob() function (Reported
by dr at peytz dot dk)
- Fixed a possible open_basedir bypass inside session extension
when the session file is a symlink (Reported by c dot i dot morris
at durham dot ac dot uk)
- Improved fix for MOPB-03-2007.
- Corrected fix for CVE-2007-2872.
Discovery 2007-08-30 Entry 2007-09-11 Modified 2008-01-14 php5
< 5.2.4
php4
< 4.4.8
CVE-2007-2872
CVE-2007-3378
CVE-2007-3806
CVE-2007-3996
CVE-2007-3997
CVE-2007-3998
CVE-2007-4652
CVE-2007-4657
CVE-2007-4658
CVE-2007-4659
CVE-2007-4660
CVE-2007-4661
CVE-2007-4662
CVE-2007-4663
CVE-2007-4670
http://www.php.net/releases/4_4_8.php
http://www.php.net/releases/5_2_4.php
http://secunia.com/advisories/26642
|
057bf770-cac4-11e0-aea3-00215c6a37bb | php -- multiple vulnerabilities
PHP development team reports:
Security Enhancements and Fixes in PHP 5.3.7:
- Updated crypt_blowfish to 1.2. (CVE-2011-2483)
- Fixed crash in error_log(). Reported by Mateusz
Kocielski
- Fixed buffer overflow on overlog salt in crypt().
- Fixed bug #54939 (File path injection vulnerability
in RFC1867 File upload filename). Reported by Krzysztof
Kotowicz. (CVE-2011-2202)
- Fixed stack buffer overflow in socket_connect().
(CVE-2011-1938)
- Fixed bug #54238 (use-after-free in substr_replace()).
(CVE-2011-1148)
Discovery 2011-08-18 Entry 2011-08-20 php5
php5-sockets
< 5.3.7
49241
CVE-2011-2483
CVE-2011-2202
CVE-2011-1938
CVE-2011-1148
|
bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89 | php -- potential overflow in _php_stream_scandir
The PHP Development Team reports:
The release of PHP 5.4.15 and 5.4.5 fix a potential overflow in
_php_stream_scandir
Discovery 2012-07-19 Entry 2012-07-23 Modified 2013-01-15 php5
gt 5.4 lt 5.4.5
ge 5.3 lt 5.3.15
ge 5.2 lt 5.2.17_10
php53
< 5.3.15
php52
< 5.2.17_10
CVE-2012-2688
http://www.php.net/archive/2012.php#id2012-07-19-1
|
f7a9e415-bdca-11e4-970c-000c292ee6b8 | php5 -- multiple vulnerabilities
The PHP Project reports:
Use after free vulnerability in unserialize() with DateTimeZone.
Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer
overflow.
Discovery 2015-02-18 Entry 2015-02-26 php5
< 5.4.38
php55
< 5.5.22
php56
< 5.6.6
CVE-2015-0235
CVE-2015-0273
http://php.net/ChangeLog-5.php#5.4.38
http://php.net/ChangeLog-5.php#5.5.22
http://php.net/ChangeLog-5.php#5.6.6
|
1e232a0c-eb57-11e4-b595-4061861086c1 | Several vulnerabilities found in PHP
The PHP project reports:
The PHP development team announces the immediate
availability of PHP 5.4.40. 14 security-related
bugs were fixed in this release, including
CVE-2014-9709, CVE-2015-2301, CVE-2015-2783,
CVE-2015-1352. All PHP 5.4 users are encouraged to
upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.5.24. Several bugs have been
fixed, some of them being security related, like
CVE-2015-1351 and CVE-2015-1352. All PHP 5.5 users
are encouraged to upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.6.8. Several bugs have been
fixed, some of them being security related, like
CVE-2015-1351 and CVE-2015-1352. All PHP 5.6 users
are encouraged to upgrade to this version.
Discovery 2015-04-16 Entry 2015-04-25 Modified 2015-05-22 php5
< 5.4.40
php55
< 5.5.24
php56
< 5.6.8
http://php.net/archive/2015.php#id2015-04-16-2
CVE-2014-9709
CVE-2015-2301
CVE-2015-2783
CVE-2015-1351
CVE-2015-1352
ports/199585
|
3761df02-0f9c-11e0-becc-0022156e8794 | php -- NULL byte poisoning
PHP-specific version of NULL-byte poisoning was briefly
described by ShAnKaR:
Poison NULL byte vulnerability for perl CGI applications
was described in
[1].
ShAnKaR noted, that same vulnerability also affects
different PHP applications.
PHP developers report that branch 5.3 received a fix:
Paths with NULL in them (foo\0bar.txt) are now considered
as invalid (CVE-2006-7243).
Discovery 2010-12-10 Entry 2011-01-13 Modified 2012-11-25 php5
< 5.3.4
php52
< 5.2.17_12
CVE-2006-7243
http://www.securityfocus.com/archive/1/archive/1/445788/100/0/threaded
http://artofhacking.com/files/phrack/phrack55/P55-07.TXT
|
d3921810-3c80-11e1-97e8-00215c6a37bb | php -- multiple vulnerabilities
php development team reports:
Security Enhancements and Fixes in PHP 5.3.9:
- Added max_input_vars directive to prevent attacks
based on hash collisions. (CVE-2011-4885)
- Fixed bug #60150 (Integer overflow during the parsing
of invalid exif header). (CVE-2011-4566)
Discovery 2011-12-29 Entry 2012-01-11 Modified 2012-01-19 php5
php5-exif
< 5.3.9
php52
< 5.2.17_5
php52-exif
< 5.2.17_6
CVE-2011-4566
CVE-2011-4885
http://www.nruns.com/_downloads/advisory28122011.pdf
|
f3148a05-0fa7-11e0-becc-0022156e8794 | php -- corruption of $GLOBALS and $this variables via extract() method
Off-by-one error in the sanity validator for the extract()
method allowed attackers to replace the values of $GLOBALS
and $this when mode EXTR_OVERWRITE was used.
Discovery 2010-12-10 Entry 2011-01-13 php5
< 5.3.4
php52
< 5.2.15
http://www.mail-archive.com/php-cvs@lists.php.net/msg47722.html
http://www.php.net/releases/5_2_15.php
|
31de2e13-00d2-11e5-a072-d050996490d0 | php -- multiple vulnerabilities
PHP development team reports:
Fixed bug #69364 (PHP Multipart/form-data remote DoS
Vulnerability). (CVE-2015-4024)
Fixed bug #69418 (CVE-2006-7243 fix regressions in
5.4+). (CVE-2015-4025)
Fixed bug #69545 (Integer overflow in ftp_genlist()
resulting in heap overflow). (CVE-2015-4022)
Fixed bug #68598 (pcntl_exec() should not allow null
char). (CVE-2015-4026)
Fixed bug #69453 (Memory Corruption in phar_parse_tarfile
when entry filename starts with null). (CVE-2015-4021)
Discovery 2015-05-14 Entry 2015-05-22 php5
< 5.4.41
php55
< 5.5.25
php56
< 5.6.9
CVE-2015-4021
CVE-2015-4022
CVE-2015-4024
CVE-2015-4025
CVE-2015-4026
https://php.net/ChangeLog-5.php#5.6.9
|
af7fbd91-29a1-11e5-86ff-14dae9d210b8 | php -- use-after-free vulnerability
Symeon Paraschoudis reports:
Use-after-free vulnerability in spl_recursive_it_move_forward_ex()
Discovery 2015-06-30 Entry 2015-07-13 php56
< 5.6.11
php55
< 5.5.27
php5
< 5.4.43
https://bugs.php.net/bug.php?id=69970
|
1f9e2376-c52f-11dd-8cbc-00163e000016 | php5 -- potential magic_quotes_gpc vulnerability
PHP Developers reports:
Due to a security bug found in the PHP 5.2.7 release, it has been
removed from distribution. The bug affects configurations where
magic_quotes_gpc is enabled, because it remains off even when set to
on.
Discovery 2008-12-07 Entry 2008-12-08 Modified 2010-05-02 php5
< 5.2.8
CVE-2008-5844
http://www.php.net/archive/2008.php#id2008-12-07-1
|
ee6fa2bd-406a-11dd-936a-0015af872849 | php -- input validation error in safe_mode
According to Maksymilian Arciemowicz research,
it is possible to bypass security restrictions
of safe_mode in various
functions via directory traversal vulnerability. The attacker
can use this attack to gain access to sensitive
information. Functions utilizing
expand_filepath() may be affected.
It should be noted that this vulnerability is not
considered to be serious by the FreeBSD Security Team,
since safe_mode and open_basedir
are insecure by design and should not be relied upon.
Discovery 2008-06-17 Entry 2008-06-22 Modified 2008-09-04 php5
< 5.2.6_2
CVE-2008-2665
CVE-2008-2666
29797
http://securityreason.com/achievement_securityalert/54
|
59e7163c-cf84-11e2-907b-0025905a4770 | php5 -- Heap based buffer overflow in quoted_printable_encode
The PHP development team reports:
A Heap-based buffer overflow flaw was found in the php
quoted_printable_encode() function. A remote attacker could use
this flaw to cause php to crash or execute arbirary code with the
permission of the user running php
Discovery 2013-06-06 Entry 2013-06-07 php5
< 5.4.16
php53
< 5.3.26
CVE-2013-2110
https://bugzilla.redhat.com/show_bug.cgi?id=964969
|
60de13d5-95f0-11e1-806a-001143cd36d8 | php -- vulnerability in certain CGI-based setups
php development team reports:
Security Enhancements and Fixes in PHP 5.3.12:
- Initial fix for cgi-bin ?-s cmdarg parse issue
(CVE-2012-1823)
Discovery 2012-05-03 Entry 2012-05-05 php5
gt 5.4 lt 5.4.2
< 5.3.12
php53
< 5.3.12
php4
< 4.4.10
php52
< 5.2.17_8
CVE-2012-1823
|
742563d4-d776-11e4-b595-4061861086c1 | Several vulnerabilities found in PHP
The PHP project reports:
The PHP development team announces the immediate
availability of PHP 5.6.7. Several bugs have been
fixed as well as CVE-2015-0231, CVE-2015-2305 and
CVE-2015-2331. All PHP 5.6 users are encouraged to
upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.5.23. Several bugs have been
fixed as well as CVE-2015-0231, CVE-2015-2305 and
CVE-2015-2331. All PHP 5.5 users are encouraged
to upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.4.39. Six security-related
bugs were fixed in this release, including
CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331.
All PHP 5.4 users are encouraged to upgrade to
this version.
Discovery 2015-03-19 Entry 2015-04-01 php53
le 5.3.29_5
php5
< 5.4.39
php55
< 5.5.23
php56
< 5.6.7
http://php.net/archive/2015.php#id2015-03-20-2
CVE-2015-0231
CVE-2015-2305
CVE-2015-2311
ports/198739
|
2b6ed5c7-1a7f-11e0-b61d-000c29d1636d | php -- multiple vulnerabilities
PHP developers reports:
Security Enhancements and Fixes in PHP 5.3.5:
- Fixed bug #53632 (PHP hangs on numeric value
2.2250738585072011e-308). (CVE-2010-4645)
Security Enhancements and Fixes in PHP 5.2.17:
- Fixed bug #53632 (PHP hangs on numeric value
2.2250738585072011e-308). (CVE-2010-4645)
Discovery 2011-01-06 Entry 2011-01-09 Modified 2011-01-09 php5
< 5.3.5
php52
< 5.2.17
CVE-2010-4645
|
59b68b1e-9c78-11e1-b5e0-000c299b62e1 | php -- multiple vulnerabilities
The PHP Development Team reports:
The release of PHP 5.4.13 and 5.4.3 complete a fix for the
vulnerability in CGI-based setups as originally described in
CVE-2012-1823. (CVE-2012-2311)
Note: mod_php and php-fpm are not vulnerable to this attack.
PHP 5.4.3 fixes a buffer overflow vulnerability in the
apache_request_headers() (CVE-2012-2329).
Discovery 2012-05-08 Entry 2012-05-12 php5
gt 5.4 lt 5.4.3
< 5.3.13
php53
< 5.3.13
php52
< 5.2.17_9
CVE-2012-1823
CVE-2012-2311
CVE-2012-2329
|
437a68cf-b752-11de-b6eb-00e0815b8da8 | php5 -- Multiple security issues
Vendor reports
Security Enhancements and Fixes in PHP 5.2.11:
Fixed certificate validation inside
php_openssl_apply_verification_policy.
Fixed sanity check for the color index in imagecolortransparent.
Added missing sanity checks around exif processing.
Fixed bug 44683 popen crashes when an invalid mode is passed.
Discovery 2009-09-17 Entry 2009-10-12 php5
< 5.2.11
http://www.php.net/releases/5_2_11.php
CVE-2009-3291
CVE-2009-3292
CVE-2009-3293
|
1d23109a-9005-11e2-9602-d43d7e0c7c02 | php5 -- Multiple vulnerabilities
The PHP development team reports:
PHP does not validate the relationship between the soap.wsdl_cache_dir
directive and the open_basedir directive, which allows remote attackers to
bypass intended access restrictions by triggering the creation of cached
SOAP WSDL files in an arbitrary directory.
The SOAP parser in PHP allows remote attackers to read arbitrary files
via a SOAP WSDL file containing an XML external entity declaration in
conjunction with an entity reference, related to an XML External Entity
(XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.
Discovery 2013-03-04 Entry 2013-03-18 php5
< 5.4.13
php53
< 5.3.23
CVE-2013-1643
CVE-2013-1635
|
39a25a63-eb5c-11de-b650-00215c6a37bb | php -- multiple vulnerabilities
PHP developers reports:
This release focuses on improving the stability of the
PHP 5.2.x branch with over 60 bug fixes, some of which
are security related. All users of PHP 5.2 are encouraged
to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.12:
- Fixed a safe_mode bypass in tempnam() identified by
Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo()
identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Added "max_file_uploads" INI directive, which can
be set to limit the number of file uploads per-request
to 20 by default, to prevent possible DOS via temporary
file exhaustion, identified by Bogdan Calin.
(CVE-2009-4017, Ilia)
- Added protection for $_SESSION from interrupt
corruption and improved "session.save_path" check,
identified by Stefan Esser. (CVE-2009-4143, Stas)
- Fixed bug #49785 (insufficient input string
validation of htmlspecialchars()). (CVE-2009-4142,
Moriyoshi, hello at iwamot dot com)
Discovery 2009-12-17 Entry 2009-12-17 php5
< 5.2.12
CVE-2009-3557
CVE-2009-3558
CVE-2009-4017
CVE-2009-4142
CVE-2009-4143
http://www.php.net/releases/5_2_12.php
|
7fe7df75-6568-11e6-a590-14dae9d210b8 | End of Life Ports
These packages have reached End of Life status and/or have
been removed from the Ports Tree. They may contain undocumented
security issues. Please take caution and find alternative
software as soon as possible.
Discovery 2016-08-18 Entry 2016-08-18 Modified 2016-10-18 python32
python31
python30
python26
python25
python24
python23
python22
python21
python20
python15
ge 0
php54
php53
php52
php5
php4
ge 0
perl5
< 5.18
perl5.16
perl5.14
perl5.12
perl
ge 0
ruby
ruby_static
< 2.1,1
unifi2
unifi3
ge 0
apache21
apache20
apache13
ge 0
tomcat55
tomcat41
ge 0
mysql51-client
mysql51-server
mysql50-client
mysql50-server
mysql41-client
mysql41-server
mysql40-client
mysql40-server
ge 0
postgresql90-client
postgresql90-server
postgresql84-client
postgresql84-server
postgresql83-client
postgresql83-server
postgresql82-client
postgresql82-server
postgresql81-client
postgresql81-server
postgresql80-client
postgresql80-server
postgresql74-client
postgresql74-server
postgresql73-client
postgresql73-server
postgresql72-client
postgresql72-server
postgresql71-client
postgresql71-server
postgresql7-client
postgresql7-server
ge 0
ports/211975
|
73634294-0fa7-11e0-becc-0022156e8794 | php -- open_basedir bypass
MITRE reports:
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow
remote attackers to bypass open_basedir restrictions via
vectors related to the length of a filename.
Discovery 2010-12-10 Entry 2011-01-13 php5
< 5.3.4
php52
< 5.2.15
44723
CVE-2010-3436
|
f6377f08-12a7-11dd-bab7-0016179b2dd5 | php -- integer overflow vulnerability
CVE reports:
Integer overflow in PHP 5.2.5 and earlier allows context-dependent
attackers to cause a denial of service and possibly have unspecified
other impact via a printf format parameter with a large width
specifier, related to the php_sprintf_appendstring function in
formatted_print.c and probably other functions for formatted strings
(aka *printf functions).
Discovery 2008-03-21 Entry 2008-04-25 Modified 2008-05-02 php5
< 5.2.6
CVE-2008-1384
28392
http://securityreason.com/achievement_securityalert/52
|
918f38cd-f71e-11e1-8bd8-0022156e8794 | php5 -- header splitting attack via carriage-return character
Rui Hirokawa reports:
As of PHP 5.1.2, header() can no longer be used to send
multiple response headers in a single call to prevent the
HTTP Response Splitting Attack. header() only checks the
linefeed (LF, 0x0A) as line-end marker, it doesn't check the
carriage-return (CR, 0x0D).
However, some browsers including Google Chrome, IE also
recognize CR as the line-end.
The current specification of header() still has the
vulnerability against the HTTP header splitting attack.
Discovery 2011-11-06 Entry 2012-09-05 Modified 2012-09-19 php5
ge 5.2 lt 5.2.17_11
ge 5.3 lt 5.3.11
ge 5.4 lt 5.4.1
php52
< 5.2.17_11
php53
< 5.3.11
CVE-2011-1398
https://bugs.php.net/bug.php?id=60227
|
f5e52bf5-fc77-11db-8163-000e0c2e438a | php -- multiple vulnerabilities
The PHP development team reports:
Security Enhancements and Fixes in PHP 5.2.2 and PHP
4.4.7:
- Fixed CVE-2007-1001, GD wbmp used with invalid image
size
- Fixed asciiz byte truncation inside mail()
- Fixed a bug in mb_parse_str() that can be used to
activate register_globals
- Fixed unallocated memory access/double free in in
array_user_key_compare()
- Fixed a double free inside session_regenerate_id()
- Added missing open_basedir & safe_mode checks to zip://
and bzip:// wrappers.
- Limit nesting level of input variables with
max_input_nesting_level as fix for.
- Fixed CRLF injection inside ftp_putcmd().
- Fixed a possible super-global overwrite inside
import_request_variables().
- Fixed a remotely trigger-able buffer overflow inside
bundled libxmlrpc library.
Security Enhancements and Fixes in PHP 5.2.2 only:
- Fixed a header injection via Subject and To parameters
to the mail() function
- Fixed wrong length calculation in unserialize S
type.
- Fixed substr_compare and substr_count information
leak.
- Fixed a remotely trigger-able buffer overflow inside
make_http_soap_request().
- Fixed a buffer overflow inside
user_filter_factory_create().
Security Enhancements and Fixes in PHP 4.4.7 only:
Discovery 2007-05-03 Entry 2007-05-07 Modified 2014-04-01 php5-imap
php5-odbc
php5-session
php5-shmop
php5-sqlite
php5-wddx
php5
< 5.2.2
php4-odbc
php4-session
php4-shmop
php4-wddx
php4
< 4.4.7
mod_php4-twig
mod_php4
mod_php5
mod_php
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
php5-cgi
php5-cli
php5-dtc
php5-horde
php5-nms
ge 4 lt 4.4.7
ge 5 lt 5.2.2
CVE-2007-1001
http://www.php.net/releases/4_4_7.php
http://www.php.net/releases/5_2_2.php
|