Page 93 of 538 results (0.022 seconds)

CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1

Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name(). • ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://rhn.redhat.com/errata/RHSA-2006-0736.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21050 http://secunia.com/advisories/22004 http://secunia.com/advisories/22069 http://secunia.com/advisories/22225 http://secunia.com/advisories/22440 http://secunia.com/advisories/22487 http://secunia.com/advisories/23247 http://securitytracker.com/id?1016306 http://support.avaya.com/el •

CVSS: 9.3EPSS: 5%CPEs: 85EXPL: 0

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21031 http://secunia.com/advisories/21050 •

CVSS: 2.1EPSS: 0%CPEs: 30EXPL: 0

Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. • http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0209.html http://cvs.php.net/viewcvs.cgi/php-src/NEWS?view=markup&rev=1.1247.2.920.2.134 http://secunia.com/advisories/21125 http://securityreason.com/securityalert/1069 http://securitytracker.com/id?1016271 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 http://www.securityfocus.com/archive/1/436785/100/0/threaded http://www.ubuntu.com/usn/usn-320-1 https://exchange.xforce.ibmcloud.com/vulnerabilities •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. • http://secunia.com/advisories/20337 http://secunia.com/advisories/21050 http://secunia.com/advisories/21847 http://secunia.com/advisories/22039 http://securityreason.com/achievement_securityalert/39 http://securityreason.com/securityalert/959 http://securitytracker.com/id?1016175 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 http://www.novell.com/linux/security/advisories/2006_22_sr.html http://www.novell.com/linux/security/advisories/2006_52_php.html http://www.se •

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 1

Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. Desbordamiento de entero en la función wordwrap en string.c en PHP 4.4.2 y 5.1.2 podría permitir a atacantes dependientes del contexto ejecutar código arbitrario a través de ciertos argumentos largos que provoca la asignación de un búfer pequeño, lo que desencadena un desbordamiento de búfer basado en memoria dinámica en una llamada a la función memcpy, una vulnerabilidad diferente a CVE-2002-1396. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19803 http://secunia.com/advisories/20052 http://secunia.com/advisories/20222 http://secunia.com/advisories/20269 http://secunia.com/advisories/20676 http://secunia.com/advisories/21031 http://secunia.c •