Computer Security
[EN] securityvulns.ru



See also
  PHP : PHP 5.4
  PHP : PHP 5.3
  AARDVARK : Aardvark Topsites PHP 5.2
  PHP : PHP 5,2
  AARDVARDTOPSITES : Aardvark Topsites PHP 5.1
  ATSPHP : Atsphp 5.0
  DOTDEB : Dotdeb PHP 5.2
  PHP : PHP 5.2
  DTHEATRE : Jacks FormMail.php 5.0
  PHP : PHP 5.0
Name: PHP : PHP 5.1

 PHP unauthorized access
document mbstring.func_overload setting in .htaccess is applied to all websites.
6!Multiple PHP security vulnerabilities
updated since 10.04.2006
document Cross-site scripting, DoS, protection bypass, buffer overflows.
8!PHP functions buffer overflow
document Buffer overflow in htmlentities() and htmlspecialchars() with UTF-8 encoding.
6!PHP integer overflow
document unserialize() function integer overflow.
6!PHP integer overflow
document Integer overflow in dynamic memory allocation routines.
 PHP mysql_error() cross-site scripting
document Cross-site scripting is possible if the mysql_error() result is used in application output.
6!PHP Safe Mode protection bypass
document By using the ini_restore function it's possible to clear the safe_mode variable.
6!Multiple PHP scripting language security vulnerabilities
updated since 18.08.2006
document Safe mode restriction bypass in the "file_exists()", "imap_open()" and "imap_reopen()" functions and the cURL extension, buffer overflows in different functions on 64-bit systems, buffer overflow in the GD extension in GIF processing, stripos() out-of-memory reading, incorrect memory_limit restrictions on 64-bit systems. Buffer overflow in LWZReadByte().
6!PHP memory corruption
document The sscanf() function writes past the end of an array.
6!PHP invalid hash table value deletion vulnerability
document A wrong element with the same hash value but a different class may be removed from the hash table.
 PHP Safe Mode protection bypass
document error_log allows access to restricted files.
6!PHP cURL safe mode protection bypass
document Multiple possibilities to execute code with no restrictions with curl* functions.
6!PHP html_entity_decode() information leak
document Invalid processing of non-printable characters allows access to memory content.
6!mb_send_mail() PHP safe mode protection bypass
updated since 28.02.2006
document mb_send_mail() and imap_* functions allow access to system files.
 Multiple PHP extensions vulnerabilities
document mysqli extension format string vulnerability, session extension session id HTTP response splitting.
                    

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


