HP Security Bulletin HPSBOV02763 SSRT100826 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, privilege escalation, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.
ed9a5902d9c99aabc1fc739a0ec49b2e95fcbd6c58b9ceb14b8f6abcfe7fb2bcSlackware Security Advisory - New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and current to address security issues.
2ea49ac2a864e8917adf052af23624d53aae91fc589e2c543ce6d1ad7da4b03bDebian Linux Security Advisory 2266-2 - The update for CVE-2010-2531 for the old stabledistribution (lenny) introduced a regression, which lead to additional output being written to stdout.
f8f9215e818490fc2f7ebd9064ee594fd02d03d6a1ed09e7ff12fa39b629cd00Debian Linux Security Advisory 2266-1 - Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code.
40ee0fdcf0a402b4e148929bf52520da5205fe15c50c8dae5bbc534b47bdd4b6Mandriva Linux Security Advisory 2011-099 - The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service via an empty ZIP archive that is processed with a statName operation.
5f56bbf1927d311d0b7613020b373344a22acb4b5c91e1e99cedd55648e42362Ubuntu Security Notice 1126-2 - USN 1126-1 fixed several vulnerabilities in PHP. The fix for CVE-2010-4697 introduced an incorrect reference counting regression in the Zend engine that caused the PHP interpreter to segfault. This regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.
d3109ede1f1b610fb18480ae30cb346b0d85aac84aedfeadd43a5eb1ad6fe0a2Ubuntu Security Notice 1126-1 - Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite arbitrary files via a symlink attack on the package.xml file. Martin Barbella discovered a buffer overflow in the PHP GD extension that allows an attacker to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. It was discovered that PHP accepts the \0 character in a pathname, which might allow an attacker to bypass intended access restrictions by placing a safe file extension after this character. Various other issues with PHP 5 were also identified and resolved.
0d1f20dac678d851bff44d385515866f5fb9db107a028a3a3bb2ee850d32fc53Mandriva Linux Security Advisory 2011-053 - Multiple vulnerabilities has been identified and fixed in php. These range from denial of service to code execution issues.
8e3a31350afca8110c11002ff4e93c17438c6aac20bba525ca9ac7e60132ba30Mandriva Linux Security Advisory 2011-052 - Multiple vulnerabilities has been identified and fixed in php. These range from denial of service to code execution issues.
1b98e934ccd7157b0631d5dcf0d404eaa0ead3e489c99c8cdc7264385eb99b35libzip version 0.9.3 allows remote and local attackers to trigger a denial of service condition via a null pointer dereference if ZIP_FL_UNCHANGED flag is set.
4ab977aa3a116d991be0d343936aa1203eccdd3ec80506df3e2493e872a86b24
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed