HP Security Bulletin HPSBOV02763 SSRT100826 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, privilege escalation, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.
ed9a5902d9c99aabc1fc739a0ec49b2e95fcbd6c58b9ceb14b8f6abcfe7fb2bcDebian Linux Security Advisory 2195-1 - Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system (CVE-2011-0441).
8c976ecd8159b97b81ceda7096250bcdba228218460a2b386797c24f18912b61Ubuntu Security Notice 1042-1 - Various issues have been addressed with php5. It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that the XML UTF-8 decoding code did not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that attackers might be able to bypass open_basedir() restrictions by passing a specially crafted filename. Other issues Maksymilian Arciemowicz discovered that a NULL pointer derefence in the ZIP archive handling code could allow an attacker to cause a denial of service through a specially crafted ZIP archive.
913a13e39a2c89b9d6470dae0fbd06dbbb46dd11bfc6b11630757c337688701fMandriva Linux Security Advisory 2010-224 - A vulnerability was discovered and corrected in php. A flaw in ext/xml/xml.c could cause a cross-site scripting vulnerability.
1586a904d20fbb01ee862330badc98165e79bacbf7021e82cdbadfab39e3e7b4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed