VuXML ID | Description |
71d903fc-602d-11dc-898c-001921ab2fa4 | php -- multiple vulnerabilities
The PHP development team reports:
Security Enhancements and Fixes in PHP 5.2.4:
- Fixed a floating point exception inside wordwrap() (Reported
by Mattias Bengtsson)
- Fixed several integer overflows inside the GD extension
(Reported by Mattias Bengtsson)
- Fixed size calculation in chunk_split() (Reported by Gerhard
Wagner)
- Fixed integer overflow in str[c]spn(). (Reported by Mattias
Bengtsson)
- Fixed money_format() not to accept multiple %i or %n tokens.
(Reported by Stanislav Malyshev)
- Fixed zend_alter_ini_entry() memory_limit interruption
vulnerability. (Reported by Stefan Esser)
- Fixed INFILE LOCAL option handling with MySQL extensions not
to be allowed when open_basedir or safe_mode is active. (Reported
by Mattias Bengtsson)
- Fixed session.save_path and error_log values to be checked
against open_basedir and safe_mode (CVE-2007-3378) (Reported by
Maksymilian Arciemowicz)
- Fixed a possible invalid read in glob() win32 implementation
(CVE-2007-3806) (Reported by shinnai)
- Fixed a possible buffer overflow in php_openssl_make_REQ
(Reported by zatanzlatan at hotbrev dot com)
- Fixed an open_basedir bypass inside glob() function (Reported
by dr at peytz dot dk)
- Fixed a possible open_basedir bypass inside session extension
when the session file is a symlink (Reported by c dot i dot morris
at durham dot ac dot uk)
- Improved fix for MOPB-03-2007.
- Corrected fix for CVE-2007-2872.
Discovery 2007-08-30 Entry 2007-09-11 Modified 2008-01-14 php5
< 5.2.4
php4
< 4.4.8
CVE-2007-2872
CVE-2007-3378
CVE-2007-3806
CVE-2007-3996
CVE-2007-3997
CVE-2007-3998
CVE-2007-4652
CVE-2007-4657
CVE-2007-4658
CVE-2007-4659
CVE-2007-4660
CVE-2007-4661
CVE-2007-4662
CVE-2007-4663
CVE-2007-4670
http://www.php.net/releases/4_4_8.php
http://www.php.net/releases/5_2_4.php
http://secunia.com/advisories/26642
|
057bf770-cac4-11e0-aea3-00215c6a37bb | php -- multiple vulnerabilities
PHP development team reports:
Security Enhancements and Fixes in PHP 5.3.7:
- Updated crypt_blowfish to 1.2. (CVE-2011-2483)
- Fixed crash in error_log(). Reported by Mateusz
Kocielski
- Fixed buffer overflow on overlong salt in crypt().
- Fixed bug #54939 (File path injection vulnerability
in RFC1867 File upload filename). Reported by Krzysztof
Kotowicz. (CVE-2011-2202)
- Fixed stack buffer overflow in socket_connect().
(CVE-2011-1938)
- Fixed bug #54238 (use-after-free in substr_replace()).
(CVE-2011-1148)
Discovery 2011-08-18 Entry 2011-08-20 php5
php5-sockets
< 5.3.7
49241
CVE-2011-2483
CVE-2011-2202
CVE-2011-1938
CVE-2011-1148
|
1f9e2376-c52f-11dd-8cbc-00163e000016 | php5 -- potential magic_quotes_gpc vulnerability
PHP Developers report:
Due to a security bug found in the PHP 5.2.7 release, it has been
removed from distribution. The bug affects configurations where
magic_quotes_gpc is enabled, because it remains off even when set to
on.
Discovery 2008-12-07 Entry 2008-12-08 Modified 2010-05-02 php5
< 5.2.8
CVE-2008-5844
http://www.php.net/archive/2008.php#id2008-12-07-1
|
787ef75e-44da-11e5-93ad-002590263bf5 | php5 -- multiple vulnerabilities
The PHP project reports:
Core:
- Fixed bug #69793 (Remotely triggerable stack exhaustion via
recursive method calls).
- Fixed bug #70121 (unserialize() could lead to unexpected methods
execution / NULL pointer deref).
OpenSSL:
- Fixed bug #70014 (openssl_random_pseudo_bytes() is not
cryptographically secure).
Phar:
- Improved fix for bug #69441.
- Fixed bug #70019 (Files extracted from archive may be placed
outside of destination directory).
SOAP:
- Fixed bug #70081 (SoapClient info leak / null pointer
dereference via multiple type confusions).
SPL:
- Fixed bug #70068 (Dangling pointer in the unserialization of
ArrayObject items).
- Fixed bug #70166 (Use After Free Vulnerability in unserialize()
with SPLArrayObject).
- Fixed bug #70168 (Use After Free Vulnerability in unserialize()
with SplObjectStorage).
- Fixed bug #70169 (Use After Free Vulnerability in unserialize()
with SplDoublyLinkedList).
Discovery 2015-08-06 Entry 2015-08-17 Modified 2015-09-08 php5
php5-openssl
php5-phar
php5-soap
< 5.4.44
php55
php55-openssl
php55-phar
php55-soap
< 5.5.28
php56
php56-openssl
php56-phar
php56-soap
< 5.6.12
http://php.net/ChangeLog-5.php#5.4.44
http://php.net/ChangeLog-5.php#5.5.28
http://php.net/ChangeLog-5.php#5.6.12
CVE-2015-6831
CVE-2015-6832
CVE-2015-6833
|
742563d4-d776-11e4-b595-4061861086c1 | Several vulnerabilities found in PHP
The PHP project reports:
The PHP development team announces the immediate
availability of PHP 5.6.7. Several bugs have been
fixed as well as CVE-2015-0231, CVE-2015-2305 and
CVE-2015-2331. All PHP 5.6 users are encouraged to
upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.5.23. Several bugs have been
fixed as well as CVE-2015-0231, CVE-2015-2305 and
CVE-2015-2331. All PHP 5.5 users are encouraged
to upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.4.39. Six security-related
bugs were fixed in this release, including
CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331.
All PHP 5.4 users are encouraged to upgrade to
this version.
Discovery 2015-03-19 Entry 2015-04-01 php53
le 5.3.29_5
php5
< 5.4.39
php55
< 5.5.23
php56
< 5.6.7
http://php.net/archive/2015.php#id2015-03-20-2
CVE-2015-0231
CVE-2015-2305
CVE-2015-2311
ports/198739
|
1d23109a-9005-11e2-9602-d43d7e0c7c02 | php5 -- Multiple vulnerabilities
The PHP development team reports:
PHP does not validate the relationship between the soap.wsdl_cache_dir
directive and the open_basedir directive, which allows remote attackers to
bypass intended access restrictions by triggering the creation of cached
SOAP WSDL files in an arbitrary directory.
The SOAP parser in PHP allows remote attackers to read arbitrary files
via a SOAP WSDL file containing an XML external entity declaration in
conjunction with an entity reference, related to an XML External Entity
(XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.
Discovery 2013-03-04 Entry 2013-03-18 php5
< 5.4.13
php53
< 5.3.23
CVE-2013-1643
CVE-2013-1635
|
d47e9d19-5016-11d9-9b5f-0050569f0001 | php -- multiple vulnerabilities
Secunia reports:
Multiple vulnerabilities have been reported in PHP,
which can be exploited to gain escalated privileges,
bypass certain security restrictions, gain knowledge
of sensitive information, or compromise a vulnerable
system.
Discovery 2004-12-16 Entry 2004-12-17 Modified 2004-12-18 mod_php4-twig
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
php4
< 4.3.10
mod_php
mod_php4
ge 4 lt 4.3.10,1
php5
php5-cgi
php5-cli
< 5.0.3
mod_php5
< 5.0.3,1
http://secunia.com/advisories/13481/
CVE-2004-1019
CVE-2004-1065
http://www.php.net/release_4_3_10.php
http://www.hardened-php.net/advisories/012004.txt
|
7fe7df75-6568-11e6-a590-14dae9d210b8 | End of Life Ports
These packages have reached End of Life status and/or have
been removed from the Ports Tree. They may contain undocumented
security issues. Please take caution and find alternative
software as soon as possible.
Discovery 2016-08-18 Entry 2016-08-18 Modified 2016-10-18 python32
python31
python30
python26
python25
python24
python23
python22
python21
python20
python15
ge 0
php54
php53
php52
php5
php4
ge 0
perl5
< 5.18
perl5.16
perl5.14
perl5.12
perl
ge 0
ruby
ruby_static
< 2.1,1
unifi2
unifi3
ge 0
apache21
apache20
apache13
ge 0
tomcat55
tomcat41
ge 0
mysql51-client
mysql51-server
mysql50-client
mysql50-server
mysql41-client
mysql41-server
mysql40-client
mysql40-server
ge 0
postgresql90-client
postgresql90-server
postgresql84-client
postgresql84-server
postgresql83-client
postgresql83-server
postgresql82-client
postgresql82-server
postgresql81-client
postgresql81-server
postgresql80-client
postgresql80-server
postgresql74-client
postgresql74-server
postgresql73-client
postgresql73-server
postgresql72-client
postgresql72-server
postgresql71-client
postgresql71-server
postgresql7-client
postgresql7-server
ge 0
ports/211975
|
edf61c61-0f07-11d9-8393-000103ccf9d6 | php -- strip_tags cross-site scripting vulnerability
Stefan Esser of e-matters discovered that PHP's strip_tags()
function would ignore certain characters during parsing of tags,
allowing these tags to pass through. Select browsers could then
parse these tags, possibly allowing cross-site scripting attacks.
Discovery 2004-07-07 Entry 2004-09-27 Modified 2013-06-19 mod_php4-twig
php4
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
le 4.3.7_3
mod_php4
le 4.3.7_3,1
php5
php5-cgi
php5-cli
le 5.0.0.r3_2
mod_php5
le 5.0.0.r3_2,1
CVE-2004-0595
http://marc.theaimsgroup.com/?l=bugtraq&m=108981589117423
http://security.e-matters.de/advisories/122004.html
10724
|
2cde1892-913e-11e1-b44c-001fd0af1a4c | php -- multiple vulnerabilities
php development team reports:
Security Enhancements for both PHP 5.3.11 and PHP 5.4.1:
- Insufficient validating of upload name leading to corrupted $_FILES indices. (CVE-2012-1172)
- Add open_basedir checks to readline_write_history and readline_read_history.
Security Enhancements for both PHP 5.3.11 only:
- Regression in magic_quotes_gpc fix for CVE-2012-0831.
Discovery 2012-03-01 Entry 2012-04-28 Modified 2012-05-04 php53
< 5.3.11
php5
< 5.3.11
CVE-2012-0831
CVE-2012-1172
http://www.php.net/archive/2012.php#id2012-04-26-1
|
562a3fdf-16d6-11d9-bc4a-000c41e2cdad | php -- vulnerability in RFC 1867 file upload processing
Stefano Di Paola discovered an issue with PHP that
could allow someone to upload a file to any directory
writeable by the httpd process. Any sanitizing performed on
the prepended directory path is ignored. This bug can only
be triggered if the $_FILES element name contains an
underscore.
Discovery 2004-09-15 Entry 2004-09-15 Modified 2004-10-12 php4
php4-cgi
le 4.3.8_2
mod_php4
le 4.3.8_2,1
php5
php5-cgi
le 5.0.1
mod_php5
le 5.0.1,1
http://marc.theaimsgroup.com/?l=bugtraq&m=109534848430404
http://marc.theaimsgroup.com/?l=bugtraq&m=109648426331965
|
437a68cf-b752-11de-b6eb-00e0815b8da8 | php5 -- Multiple security issues
Vendor reports
Security Enhancements and Fixes in PHP 5.2.11:
Fixed certificate validation inside
php_openssl_apply_verification_policy.
Fixed sanity check for the color index in imagecolortransparent.
Added missing sanity checks around exif processing.
Fixed bug 44683 popen crashes when an invalid mode is passed.
Discovery 2009-09-17 Entry 2009-10-12 php5
< 5.2.11
http://www.php.net/releases/5_2_11.php
CVE-2009-3291
CVE-2009-3292
CVE-2009-3293
|
39a25a63-eb5c-11de-b650-00215c6a37bb | php -- multiple vulnerabilities
PHP developers report:
This release focuses on improving the stability of the
PHP 5.2.x branch with over 60 bug fixes, some of which
are security related. All users of PHP 5.2 are encouraged
to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.12:
- Fixed a safe_mode bypass in tempnam() identified by
Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed an open_basedir bypass in posix_mkfifo()
identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Added "max_file_uploads" INI directive, which can
be set to limit the number of file uploads per-request
to 20 by default, to prevent possible DOS via temporary
file exhaustion, identified by Bogdan Calin.
(CVE-2009-4017, Ilia)
- Added protection for $_SESSION from interrupt
corruption and improved "session.save_path" check,
identified by Stefan Esser. (CVE-2009-4143, Stas)
- Fixed bug #49785 (insufficient input string
validation of htmlspecialchars()). (CVE-2009-4142,
Moriyoshi, hello at iwamot dot com)
Discovery 2009-12-17 Entry 2009-12-17 php5
< 5.2.12
CVE-2009-3557
CVE-2009-3558
CVE-2009-4017
CVE-2009-4142
CVE-2009-4143
http://www.php.net/releases/5_2_12.php
|
392b5b1d-9471-11dc-9db7-001c2514716c | php -- multiple security vulnerabilities
PHP project reports:
Security Enhancements and Fixes in PHP 5.2.5:
- Fixed dl() to only accept filenames. Reported by Laurent
Gaffie.
- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
Reported by Laurent Gaffie.
- Fixed htmlentities/htmlspecialchars not to accept partial
multibyte sequences. Reported by Rasmus Lerdorf
- Fixed possible triggering of buffer overflows inside glibc
implementations of the fnmatch(), setlocale() and glob()
functions. Reported by Laurent Gaffie.
- Fixed "mail.force_extra_parameters" php.ini directive not to be
modifiable in .htaccess due to the security implications. Reported
by SecurityReason.
- Fixed bug #42869 (automatic session id insertion adds sessions
id to non-local forms).
- Fixed bug #41561 (Values set with php_admin_* in httpd.conf can
be overwritten with ini_set()).
Discovery 2007-11-08 Entry 2007-11-16 php5
< 5.2.5
26403
CVE-2007-4887
|
e329550b-54f7-11db-a5ae-00508d6a62df | php -- _ecalloc Integer Overflow Vulnerability
Stefan Esser reports:
The PHP 5 branch of the PHP source code lacks the
protection against possible integer overflows inside
ecalloc() that is present in the PHP 4 branch and also for
several years part of our Hardening-Patch and our new
Suhosin-Patch.
It was discovered that such an integer overflow can be
triggered when user input is passed to the unserialize()
function. Earlier vulnerabilities in PHP's unserialize()
that were also discovered by one of our audits in December
2004 are unrelated to the newly discovered flaw, but they
have shown, that the unserialize() function is exposed to
user-input in many popular PHP applications. Examples for
applications that use the content of COOKIE variables with
unserialize() are phpBB and Serendipity.
The successful exploitation of this integer overflow will
result in arbitrary code execution.
Discovery 2006-09-30 Entry 2006-10-06 Modified 2013-04-01 php5
< 5.1.6_1
php5-cli
php5-cgi
php5-dtc
php5-horde
php5-nms
mod_php5
ge 5 lt 5.1.6_1
CVE-2006-4812
http://www.hardened-php.net/advisory_092006.133.html
http://secunia.com/advisories/22280/
|
f3148a05-0fa7-11e0-becc-0022156e8794 | php -- corruption of $GLOBALS and $this variables via extract() method
Off-by-one error in the sanity validator for the extract()
method allowed attackers to replace the values of $GLOBALS
and $this when mode EXTR_OVERWRITE was used.
Discovery 2010-12-10 Entry 2011-01-13 php5
< 5.3.4
php52
< 5.2.15
http://www.mail-archive.com/php-cvs@lists.php.net/msg47722.html
http://www.php.net/releases/5_2_15.php
|
59e7163c-cf84-11e2-907b-0025905a4770 | php5 -- Heap based buffer overflow in quoted_printable_encode
The PHP development team reports:
A Heap-based buffer overflow flaw was found in the php
quoted_printable_encode() function. A remote attacker could use
this flaw to cause php to crash or execute arbitrary code with the
permission of the user running php.
Discovery 2013-06-06 Entry 2013-06-07 php5
< 5.4.16
php53
< 5.3.26
CVE-2013-2110
https://bugzilla.redhat.com/show_bug.cgi?id=964969
|
af7fbd91-29a1-11e5-86ff-14dae9d210b8 | php -- use-after-free vulnerability
Symeon Paraschoudis reports:
Use-after-free vulnerability in spl_recursive_it_move_forward_ex()
Discovery 2015-06-30 Entry 2015-07-13 php56
< 5.6.11
php55
< 5.5.27
php5
< 5.4.43
https://bugs.php.net/bug.php?id=69970
|
f6377f08-12a7-11dd-bab7-0016179b2dd5 | php -- integer overflow vulnerability
CVE reports:
Integer overflow in PHP 5.2.5 and earlier allows context-dependent
attackers to cause a denial of service and possibly have unspecified
other impact via a printf format parameter with a large width
specifier, related to the php_sprintf_appendstring function in
formatted_print.c and probably other functions for formatted strings
(aka *printf functions).
Discovery 2008-03-21 Entry 2008-04-25 Modified 2008-05-02 php5
< 5.2.6
CVE-2008-1384
28392
http://securityreason.com/achievement_securityalert/52
|
f5e52bf5-fc77-11db-8163-000e0c2e438a | php -- multiple vulnerabilities
The PHP development team reports:
Security Enhancements and Fixes in PHP 5.2.2 and PHP
4.4.7:
- Fixed CVE-2007-1001, GD wbmp used with invalid image
size
- Fixed asciiz byte truncation inside mail()
- Fixed a bug in mb_parse_str() that can be used to
activate register_globals
- Fixed unallocated memory access/double free in
array_user_key_compare()
- Fixed a double free inside session_regenerate_id()
- Added missing open_basedir & safe_mode checks to zip://
and bzip:// wrappers.
- Limit nesting level of input variables with
max_input_nesting_level as fix for.
- Fixed CRLF injection inside ftp_putcmd().
- Fixed a possible super-global overwrite inside
import_request_variables().
- Fixed a remotely trigger-able buffer overflow inside
bundled libxmlrpc library.
Security Enhancements and Fixes in PHP 5.2.2 only:
- Fixed a header injection via Subject and To parameters
to the mail() function
- Fixed wrong length calculation in unserialize S
type.
- Fixed substr_compare and substr_count information
leak.
- Fixed a remotely trigger-able buffer overflow inside
make_http_soap_request().
- Fixed a buffer overflow inside
user_filter_factory_create().
Security Enhancements and Fixes in PHP 4.4.7 only:
Discovery 2007-05-03 Entry 2007-05-07 Modified 2014-04-01 php5-imap
php5-odbc
php5-session
php5-shmop
php5-sqlite
php5-wddx
php5
< 5.2.2
php4-odbc
php4-session
php4-shmop
php4-wddx
php4
< 4.4.7
mod_php4-twig
mod_php4
mod_php5
mod_php
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
php5-cgi
php5-cli
php5-dtc
php5-horde
php5-nms
ge 4 lt 4.4.7
ge 5 lt 5.2.2
CVE-2007-1001
http://www.php.net/releases/4_4_7.php
http://www.php.net/releases/5_2_2.php
|
d3921810-3c80-11e1-97e8-00215c6a37bb | php -- multiple vulnerabilities
php development team reports:
Security Enhancements and Fixes in PHP 5.3.9:
- Added max_input_vars directive to prevent attacks
based on hash collisions. (CVE-2011-4885)
- Fixed bug #60150 (Integer overflow during the parsing
of invalid exif header). (CVE-2011-4566)
Discovery 2011-12-29 Entry 2012-01-11 Modified 2012-01-19 php5
php5-exif
< 5.3.9
php52
< 5.2.17_5
php52-exif
< 5.2.17_6
CVE-2011-4566
CVE-2011-4885
http://www.nruns.com/_downloads/advisory28122011.pdf
|
1e232a0c-eb57-11e4-b595-4061861086c1 | Several vulnerabilities found in PHP
The PHP project reports:
The PHP development team announces the immediate
availability of PHP 5.4.40. 14 security-related
bugs were fixed in this release, including
CVE-2014-9709, CVE-2015-2301, CVE-2015-2783,
CVE-2015-1352. All PHP 5.4 users are encouraged to
upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.5.24. Several bugs have been
fixed, some of them being security related, like
CVE-2015-1351 and CVE-2015-1352. All PHP 5.5 users
are encouraged to upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.6.8. Several bugs have been
fixed, some of them being security related, like
CVE-2015-1351 and CVE-2015-1352. All PHP 5.6 users
are encouraged to upgrade to this version.
Discovery 2015-04-16 Entry 2015-04-25 Modified 2015-05-22 php5
< 5.4.40
php55
< 5.5.24
php56
< 5.6.8
http://php.net/archive/2015.php#id2015-04-16-2
CVE-2014-9709
CVE-2015-2301
CVE-2015-2783
CVE-2015-1351
CVE-2015-1352
ports/199585
|
59b68b1e-9c78-11e1-b5e0-000c299b62e1 | php -- multiple vulnerabilities
The PHP Development Team reports:
The release of PHP 5.4.13 and 5.4.3 complete a fix for the
vulnerability in CGI-based setups as originally described in
CVE-2012-1823. (CVE-2012-2311)
Note: mod_php and php-fpm are not vulnerable to this attack.
PHP 5.4.3 fixes a buffer overflow vulnerability in the
apache_request_headers() (CVE-2012-2329).
Discovery 2012-05-08 Entry 2012-05-12 php5
gt 5.4 lt 5.4.3
< 5.3.13
php53
< 5.3.13
php52
< 5.2.17_9
CVE-2012-1823
CVE-2012-2311
CVE-2012-2329
|
31de2e13-00d2-11e5-a072-d050996490d0 | php -- multiple vulnerabilities
PHP development team reports:
Fixed bug #69364 (PHP Multipart/form-data remote DoS
Vulnerability). (CVE-2015-4024)
Fixed bug #69418 (CVE-2006-7243 fix regressions in
5.4+). (CVE-2015-4025)
Fixed bug #69545 (Integer overflow in ftp_genlist()
resulting in heap overflow). (CVE-2015-4022)
Fixed bug #68598 (pcntl_exec() should not allow null
char). (CVE-2015-4026)
Fixed bug #69453 (Memory Corruption in phar_parse_tarfile
when entry filename starts with null). (CVE-2015-4021)
Discovery 2015-05-14 Entry 2015-05-22 php5
< 5.4.41
php55
< 5.5.25
php56
< 5.6.9
CVE-2015-4021
CVE-2015-4022
CVE-2015-4024
CVE-2015-4025
CVE-2015-4026
https://php.net/ChangeLog-5.php#5.6.9
|
27d01223-c457-11dd-a721-0030843d3802 | php -- multiple vulnerabilities
Secunia reports:
Some vulnerabilities have been reported in PHP, where some have an
unknown impact and others can potentially be exploited by malicious
people to cause a DoS (Denial of Service) or compromise a vulnerable
system.
An input validation error exists within the
"ZipArchive::extractTo()" function when extracting ZIP archives.
This can be exploited to extract files to arbitrary locations
outside the specified directory via directory traversal sequences in
a specially crafted ZIP archive.
An error in the included PCRE library can be exploited to cause a
buffer overflow.
The problem is that the "BG(page_uid)" and "BG(page_gid)" variables
are not initialized. No further information is currently
available.
The problem is that the "php_value" order is incorrect for Apache
configurations. No further information is currently available.
An error in the GD library can be exploited to cause a crash via a
specially crafted font file.
Discovery 2008-12-04 Entry 2008-12-07 php5
< 5.2.7
CVE-2008-2371
CVE-2008-2829
CVE-2008-3658
CVE-2008-3659
CVE-2008-3660
http://www.php.net/ChangeLog-5.php#5.2.7
http://www.sektioneins.de/advisories/SE-2008-06.txt
http://secunia.com/advisories/30916/
http://secunia.com/advisories/31409/
http://secunia.com/advisories/32964/
|
ad74a1bd-16d2-11d9-bc4a-000c41e2cdad | php -- php_variables memory disclosure
Stefano Di Paola reports:
Bad array parsing in php_variables.c could lead to show
arbitrary memory content such as pieces of php code
and other data. This affects all GET, POST or COOKIES
variables.
Discovery 2004-09-15 Entry 2004-10-05 mod_php4-twig
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
php4
le 4.3.8_2
mod_php
mod_php4
ge 4 le 4.3.8_2,1
php5
php5-cgi
php5-cli
le 5.0.1
mod_php5
le 5.0.1,1
http://marc.theaimsgroup.com/?l=bugtraq&m=109527531130492
|
3d675519-5654-11e5-9ad8-14dae9d210b8 | php -- multiple vulnerabilities
PHP reports:
- Core:
- Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
- Fixed bug #70219 (Use after free vulnerability in session deserializer).
- EXIF:
- Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
- hash:
- Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
- PCRE:
- Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
- SOAP:
- Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
- SPL:
- Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
- Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
- XSLT:
- Fixed bug #69782 (NULL pointer dereference).
- ZIP:
- Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).
Discovery 2015-09-03 Entry 2015-09-08 Modified 2015-09-08 php5
php5-soap
php5-xsl
< 5.4.45
php55
php55-soap
php55-xsl
< 5.5.29
php56
php56-soap
php56-xsl
< 5.6.13
http://php.net/ChangeLog-5.php#5.4.45
http://php.net/ChangeLog-5.php#5.5.29
http://php.net/ChangeLog-5.php#5.6.13
CVE-2015-6834
CVE-2015-6835
CVE-2015-6836
CVE-2015-6837
CVE-2015-6838
|
73634294-0fa7-11e0-becc-0022156e8794 | php -- open_basedir bypass
MITRE reports:
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow
remote attackers to bypass open_basedir restrictions via
vectors related to the length of a filename.
Discovery 2010-12-10 Entry 2011-01-13 php5
< 5.3.4
php52
< 5.2.15
44723
CVE-2010-3436
|
5a1d5d74-29a0-11e5-86ff-14dae9d210b8 | php -- arbitrary code execution
cmb reports:
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similar to %ENV%, and the
value of the environment variable ENV will be substituted.
Discovery 2015-06-07 Entry 2015-07-13 php56
< 5.6.11
php55
< 5.5.27
php5
< 5.4.43
https://bugs.php.net/bug.php?id=69768
|
3761df02-0f9c-11e0-becc-0022156e8794 | php -- NULL byte poisoning
PHP-specific version of NULL-byte poisoning was briefly
described by ShAnKaR:
Poison NULL byte vulnerability for perl CGI applications
was described in
[1].
ShAnKaR noted, that same vulnerability also affects
different PHP applications.
PHP developers report that branch 5.3 received a fix:
Paths with NULL in them (foo\0bar.txt) are now considered
as invalid (CVE-2006-7243).
Discovery 2010-12-10 Entry 2011-01-13 Modified 2012-11-25 php5
< 5.3.4
php52
< 5.2.17_12
CVE-2006-7243
http://www.securityfocus.com/archive/1/archive/1/445788/100/0/threaded
http://artofhacking.com/files/phrack/phrack55/P55-07.TXT
|
f7a9e415-bdca-11e4-970c-000c292ee6b8 | php5 -- multiple vulnerabilities
The PHP Project reports:
Use after free vulnerability in unserialize() with DateTimeZone.
Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer
overflow.
Discovery 2015-02-18 Entry 2015-02-26 php5
< 5.4.38
php55
< 5.5.22
php56
< 5.6.6
CVE-2015-0235
CVE-2015-0273
http://php.net/ChangeLog-5.php#5.4.38
http://php.net/ChangeLog-5.php#5.5.22
http://php.net/ChangeLog-5.php#5.6.6
|
2b6ed5c7-1a7f-11e0-b61d-000c29d1636d | php -- multiple vulnerabilities
PHP developers report:
Security Enhancements and Fixes in PHP 5.3.5:
- Fixed bug #53632 (PHP hangs on numeric value
2.2250738585072011e-308). (CVE-2010-4645)
Security Enhancements and Fixes in PHP 5.2.17:
- Fixed bug #53632 (PHP hangs on numeric value
2.2250738585072011e-308). (CVE-2010-4645)
Discovery 2011-01-06 Entry 2011-01-09 Modified 2011-01-09 php5
< 5.3.5
php52
< 5.2.17
CVE-2010-4645
|
dd7aa4f1-102f-11d9-8a8a-000c41e2cdad | php -- memory_limit related vulnerability
Stefan Esser of e-matters discovered a condition within PHP
that may lead to remote execution of arbitrary code. The
memory_limit facility is used to notify functions when memory
constraints have been met. Under certain conditions, the entry
into this facility is able to interrupt functions such as
zend_hash_init() at locations not suitable for interruption.
The result would leave these functions in a vulnerable state.
An attacker that is able to trigger the memory_limit abort
within zend_hash_init() and is additionally able to control
the heap before the HashTable itself is allocated, is able to
supply his own HashTable destructor pointer. [...]
All mentioned places outside of the extensions are quite easy
to exploit, because the memory allocation up to those places
is deterministic and quite static throughout different PHP
versions. [...]
Because the exploit itself consists of supplying an arbitrary
destructor pointer this bug is exploitable on any platform.
Discovery 2004-07-07 Entry 2004-09-27 Modified 2004-10-02 mod_php4-twig
php4
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
le 4.3.7_3
mod_php4
le 4.3.7_3,1
php5
php5-cgi
php5-cli
le 5.0.0.r3_2
mod_php5
le 5.0.0.r3_2,1
CVE-2004-0594
http://marc.theaimsgroup.com/?l=bugtraq&m=108981780109154
http://security.e-matters.de/advisories/112004.html
10725
|
60de13d5-95f0-11e1-806a-001143cd36d8 | php -- vulnerability in certain CGI-based setups
php development team reports:
Security Enhancements and Fixes in PHP 5.3.12:
- Initial fix for cgi-bin ?-s cmdarg parse issue
(CVE-2012-1823)
Discovery 2012-05-03 Entry 2012-05-05 php5
gt 5.4 lt 5.4.2
< 5.3.12
php53
< 5.3.12
php4
< 4.4.10
php52
< 5.2.17_8
CVE-2012-1823
|
7fcf1727-be71-11db-b2ec-000c6ec775d9 | php -- multiple vulnerabilities
Multiple vulnerabilities have been found in PHP, including:
buffer overflows, stack overflows, format string, and
information disclosure vulnerabilities.
The session extension contained safe_mode and
open_basedir bypasses, but the FreeBSD Security
Officer does not consider these real security
vulnerabilities, since safe_mode and
open_basedir are insecure by design and should
not be relied upon.
Discovery 2007-02-09 Entry 2007-02-17 Modified 2013-04-01 php5-imap
php5-odbc
php5-session
php5-shmop
php5-sqlite
php5-wddx
php5
< 5.2.1_2
php4-odbc
php4-session
php4-shmop
php4-wddx
php4
< 4.4.5
mod_php4-twig
mod_php4
mod_php5
mod_php
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
php5-cgi
php5-cli
php5-dtc
php5-horde
php5-nms
ge 4 lt 4.4.5
ge 5 lt 5.2.1_2
CVE-2007-0905
CVE-2007-0906
CVE-2007-0907
CVE-2007-0908
CVE-2007-0909
CVE-2007-0910
CVE-2007-0988
http://secunia.com/advisories/24089/
http://www.php.net/releases/4_4_5.php
http://www.php.net/releases/5_2_1.php
|
ee6fa2bd-406a-11dd-936a-0015af872849 | php -- input validation error in safe_mode
According to Maksymilian Arciemowicz research,
it is possible to bypass security restrictions
of safe_mode in various
functions via directory traversal vulnerability. The attacker
can use this attack to gain access to sensitive
information. Functions utilizing
expand_filepath() may be affected.
It should be noted that this vulnerability is not
considered to be serious by the FreeBSD Security Team,
since safe_mode and open_basedir
are insecure by design and should not be relied upon.
Discovery 2008-06-17 Entry 2008-06-22 Modified 2008-09-04 php5
< 5.2.6_2
CVE-2008-2665
CVE-2008-2666
29797
http://securityreason.com/achievement_securityalert/54
|