HP Security Bulletin - Potential security vulnerabilities have been identified with HP System Management
2efeed0aee6d4abd170fc0d4883b1b3a796dad2d19914617100138b2c7bc8933Gentoo Linux Security Advisory 201001-3 - Multiple vulnerabilities were found in PHP, the worst of which leading to the remote execution of arbitrary code. Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below and the associated PHP release notes for details. Versions less than 5.2.12 are affected.
aff1f9bdb3800d54675a65671b47a6ba413ece16b6ab47e89279c16cfaa490a7HP Security Bulletin - Potential security vulnerabilities have been identified with HP System Management
877280cede3717fd78b6aad4650bf2f11a83c30ef61d2a9bbf50ad49152492f0Debian Security Advisory 1789-1 - Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor.
100a5040d4193726e6aaec8b6a7e78375f9a96e618e105219e44df555dd8498eUbuntu Security Notice USN-761-2 - USN-761-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: It was discovered that PHP did not sanitize certain error messages when display_errors is enabled, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that PHP did not properly handle certain malformed strings when being parsed by the json_decode function. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 and 8.10.
6f6e34a7e1f868afac7b08717f7988445bf15f42f9f330b10b088428ac39d08eUbuntu Security Notice USN-761-1 - It was discovered that PHP did not sanitize certain error messages when display_errors is enabled, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that PHP did not properly handle the mbstring.func_overload setting within .htaccess files when using virtual hosts. A virtual host administrator could use this flaw to cause settings to be applied to other virtual hosts on the same server. It was discovered that PHP did not properly handle certain malformed strings when being parsed by the json_decode function. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 and 8.10.
a395489f8192730cf1245537c3a3b1a0804639245e2d8915b403959163756996
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed