Computer Security
[EN] no-pyccku

Multiple PHP vulnerabilities
updated since 31.10.2005
SecurityVulns ID:5398
Threat Level:
Description:phpinfo() crossite scripting, parse_str() register_globals activisation possibility, $GLOBALS variable modification witrh HTTP POST form 'fileupload' field. It's also possible to modify any variable with GLOBALS[variable].
Affected:PHP : PHP 5.0
 PHP : PHP 4.4
Original documentdocumentascii, PHP5 Globals Vulnerability: with ?GLOBALS[foobar] you can set the value of the un-initialized $foobar variable. (29.01.2006)
 documentSECUNIA, [SA17763] PHP "mb_send_mail()" "To:" Header Injection Vulnerability (28.11.2005)
 documentJuha-Matti Laurio, PHP Version 5.1.0 Update Fixes Several Vulnerabilities (26.11.2005)
 documentStefan Esser, [Full-disclosure] Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability (31.10.2005)
 documentStefan Esser, [Full-disclosure] Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str() (31.10.2005)
 documentStefan Esser, [Full-disclosure] Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo() (31.10.2005)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod