Multiple PHP bugs updated since 27.02.2002
| Published: |  | 04.03.2007 |
| Source: |  | BUGTRAQ |
| SecurityVulns ID: |  | 1818 |
| Type: |  | local |
| Level: |  | 6/10 |
| Description: |  | Buffer overflows, integer overflows, DoS conditions, cross-site scripting. |
| Affected: |  | PHP : PHP 3.10 |
| |  | PHP : PHP 4.0 |
| |  | PHP : PHP 4.2 |
| |  | PHP : PHP 4.3 |
| |  | PHP : PHP 4.4 |
| CVE: |  | CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.) |
| |  | CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment.") |
| Original document |  | PHP-SECURITY, MOPB-08-2007:PHP 4 phpinfo() XSS Vulnerability (Deja-vu) (04.03.2007) |
| |  | silent needel, PHP XSS exploit in phpinfo() (05.06.2003) |
| |  | Sverre H. Huseby, PHP Trans SID XSS (Was: New php release with security fixes) (02.06.2003) |
| |  | PHP, PHP 4.3.2 released (30.05.2003) |
| |  | X-FORCE, ISS Brief: Remote Compromise and Denial of Service Vulnerability in PHP (23.07.2002) |
| |  | CERT, Advisory CA-2002-21 Vulnerability in PHP (23.07.2002) |
| |  | Matthew Murphy, PHP Resource Exhaustion Denial of Service (23.07.2002) |
| |  | PHP, Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 (22.07.2002) |
| |  | security_(at)_e-matters.de, Advisory 02/2002: PHP remote vulnerability (22.07.2002) |
| |  | security_(at)_e-matters.de, Advisory 012002: PHP remote vulnerabilities (28.02.2002) |
| |  | CERT, Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload (28.02.2002) |
| |  | X-FORCE, Multiple PHP Vulnerabilities - Remote Compromise Exploit in Circulation (27.02.2002) |