Gentoo Linux Security Advisory GLSA 200705-19 - Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the GD library and in the substr_compare() PHP 5 function. Ilia Alshanetsky also reported a buffer overflow in the make_http_soap_request() and in the user_filter_factory_create() functions, and Stanislav Malyshev discovered another buffer overflow in the bundled XMLRPC library. Additionally, the session_regenerate_id() and the array_user_key_compare() functions contain a double-free vulnerability. Finally, there exist implementation errors in the Zend engine, in the mb_parse_str(), the unserialize() and the mail() functions and other elements. Versions less than 5.2.2 are affected.
85b7223b6bfd70f54588716713c6a4f7ef1cdaf921d40a164c836fe16bbb3b6fUbuntu Security Notice 462-1 - A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially crafted SOAP request and execute arbitrary code with web server privileges. Ilia Alshanetsky discovered a buffer overflow in the user filter factory in PHP. A local attacker could create a specially crafted script and execute arbitrary code with web server privileges. Gregory Beaver discovered that the PEAR installer did not validate installation paths. If a user were tricked into installing a malicious PEAR package, an attacker could overwrite arbitrary files.
4270f8e9ae4654fadf832c0bd519c5b09117a7ca233ee391480dd1eaf3de91aaDebian Security Advisory 1296-1 - It was discovered that the ftp extension of PHP, a server-side, HTML-embedded scripting language performs insufficient input sanitising, which permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server.
d3c6df087bbead582c60dfc8e0548646c6d296403aeda1230fa3321797dc4092Debian Security Advisory 1295-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.
720391f44dba45c14430fe4f2f1c12503278e087480a630e641c643a5b18c89cMandriva Linux Security Advisory - Multiple vulnerabilities in PHP4 have been fixed.
ae759429289c1a3693ebe71fa61005c7aa7fcbf3ea7221d2667bd23c8df1c652Mandriva Linux Security Advisory - Multiple vulnerabilities in PHP have been fixed.
309a748bbde2fa997c8e6a8ce844c9b4e8862353547fad0c2c90deb5ea8933c6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed