Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title PHP: Multiple vulnerabilities
Informations
Name GLSA-201110-06 First vendor Publication 2011-10-10
Vendor Gentoo Last vendor Modification 2011-10-10
Severity (Vendor) High Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities were found in PHP, the worst of which leading to remote execution of arbitrary code.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways.

A remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions.

Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.8"

References

[ 1 ] CVE-2006-7243 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7243
[ 2 ] CVE-2009-5016 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5016
[ 3 ] CVE-2010-1128 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1128
[ 4 ] CVE-2010-1129 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1129
[ 5 ] CVE-2010-1130 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1130
[ 6 ] CVE-2010-1860 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1860
[ 7 ] CVE-2010-1861 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1861
[ 8 ] CVE-2010-1862 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1862
[ 9 ] CVE-2010-1864 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1864
[ 10 ] CVE-2010-1866 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1866
[ 11 ] CVE-2010-1868 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1868
[ 12 ] CVE-2010-1914 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1914
[ 13 ] CVE-2010-1915 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1915
[ 14 ] CVE-2010-1917 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1917
[ 15 ] CVE-2010-2093 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2093
[ 16 ] CVE-2010-2094 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2094
[ 17 ] CVE-2010-2097 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2097
[ 18 ] CVE-2010-2100 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2100
[ 19 ] CVE-2010-2101 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2101
[ 20 ] CVE-2010-2190 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2190
[ 21 ] CVE-2010-2191 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2191
[ 22 ] CVE-2010-2225 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2225
[ 23 ] CVE-2010-2484 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2484
[ 24 ] CVE-2010-2531 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2531
[ 25 ] CVE-2010-2950 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2950
[ 26 ] CVE-2010-3062 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3062
[ 27 ] CVE-2010-3063 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3063
[ 28 ] CVE-2010-3064 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3064
[ 29 ] CVE-2010-3065 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3065
[ 30 ] CVE-2010-3436 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3436
[ 31 ] CVE-2010-3709 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709
[ 32 ] CVE-2010-3709 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709
[ 33 ] CVE-2010-3710 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710
[ 34 ] CVE-2010-3710 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710
[ 35 ] CVE-2010-3870 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3870
[ 36 ] CVE-2010-4150 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4150
[ 37 ] CVE-2010-4409 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4409
[ 38 ] CVE-2010-4645 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4645
[ 39 ] CVE-2010-4697 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4697
[ 40 ] CVE-2010-4698 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4698
[ 41 ] CVE-2010-4699 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4699
[ 42 ] CVE-2010-4700 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4700
[ 43 ] CVE-2011-0420 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0420
[ 44 ] CVE-2011-0421 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0421
[ 45 ] CVE-2011-0708 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0708
[ 46 ] CVE-2011-0752 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0752
[ 47 ] CVE-2011-0753 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0753
[ 48 ] CVE-2011-0755 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0755
[ 49 ] CVE-2011-1092 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1092
[ 50 ] CVE-2011-1148 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1148
[ 51 ] CVE-2011-1153 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1153
[ 52 ] CVE-2011-1464 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1464
[ 53 ] CVE-2011-1466 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1466
[ 54 ] CVE-2011-1467 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1467
[ 55 ] CVE-2011-1468 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1468
[ 56 ] CVE-2011-1469 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1469
[ 57 ] CVE-2011-1470 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1470
[ 58 ] CVE-2011-1471 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1471
[ 59 ] CVE-2011-1657 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1657
[ 60 ] CVE-2011-1938 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1938
[ 61 ] CVE-2011-2202 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2202
[ 62 ] CVE-2011-2483 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2483
[ 63 ] CVE-2011-3182 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3182
[ 64 ] CVE-2011-3189 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3189
[ 65 ] CVE-2011-3267 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3267
[ 66 ] CVE-2011-3268 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3268

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-06.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201110-06.xml

CWE : Common Weakness Enumeration

% Id Name
20 % CWE-200 Information Exposure
19 % CWE-399 Resource Management Errors
15 % CWE-189 Numeric Errors (CWE/SANS Top 25)
14 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10 % CWE-20 Improper Input Validation
7 % CWE-264 Permissions, Privileges, and Access Controls
5 % CWE-310 Cryptographic Issues
5 % CWE-134 Uncontrolled Format String (CWE/SANS Top 25)
2 % CWE-362 Race Condition
2 % CWE-94 Failure to Control Generation of Code ('Code Injection')
2 % CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11939
 
Oval ID: oval:org.mitre.oval:def:11939
Title: Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4
Description: Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4698
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): PHP
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12016
 
Oval ID: oval:org.mitre.oval:def:12016
Title: Security bypass vulnerability in the extract function in PHP before 5.2.15
Description: The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0752
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): PHP
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12156
 
Oval ID: oval:org.mitre.oval:def:12156
Title: DSA-2266-2 php5 -- several
Description: The update for CVE-2010-2531 for the old stable distribution introduced a regression, which lead to additional output being written to stdout.
Family: unix Class: patch
Reference(s): DSA-2266-2
CVE-2010-2531
CVE-2011-0420
CVE-2011-0421
CVE-2011-0708
CVE-2011-1153
CVE-2011-1466
CVE-2011-1471
CVE-2011-2202
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12271
 
Oval ID: oval:org.mitre.oval:def:12271
Title: Race condition vulnerability in the PCNTL extension in PHP before 5.3.4
Description: Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0753
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): PHP
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12388
 
Oval ID: oval:org.mitre.oval:def:12388
Title: DSA-2266-1 php5 -- several
Description: Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code. CVE-2010-2531 An information leak was found in the var_export function. CVE-2011-0421 The Zip module could crash. CVE-2011-0708 An integer overflow was discovered in the Exif module. CVE-2011-1466 An integer overflow was discovered in the Calendar module. CVE-2011-1471 The Zip module was prone to denial of service through malformed archives. CVE-2011-2202 Path names in form based file uploads were incorrectly validated. This update also fixes two bugs, which are not treated as security issues, but fixed nonetheless, see README.Debian.security for details on the scope of security support for PHP.
Family: unix Class: patch
Reference(s): DSA-2266-1
CVE-2010-2531
CVE-2011-0420
CVE-2011-0421
CVE-2011-0708
CVE-2011-1153
CVE-2011-1466
CVE-2011-1471
CVE-2011-2202
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12393
 
Oval ID: oval:org.mitre.oval:def:12393
Title: Vulnerability in the iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4
Description: The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4699
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): PHP
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12483
 
Oval ID: oval:org.mitre.oval:def:12483
Title: DSA-2089-1 php5 -- several
Description: Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1917 The fnmatch function can be abused to conduct denial of service attacks by the means of a stack overflow. CVE-2010-2225 The SplObjectStorage unserializer allows attackers to execute arbitrary code via serialized data by the means of a use-after-free vulnerability. MOPS-60 The default sessions serializer does not correctly handle a special marker, which allows an attacker to inject arbitrary variables into the session and possibly exploit vulnerabilities in the unserializer. For the vulnerability described by CVE-2010-1128 we do not consider upstream's solution to be sufficient. It is recommended to uncomment the "session.entropy_file" and "session.entropy_length" settings in the php.ini files. Further improvements can be achieved by setting "session.hash_function" to 1 and incrementing the value of "session.entropy_length." For the stable distribution, these problems have been fixed in version 5.2.6.dfsg.1-1+lenny9. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your php5 packages.
Family: unix Class: patch
Reference(s): DSA-2089-1
CVE-2010-1917
CVE-2010-2225
CVE-2010-3065
CVE-2010-1128
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12489
 
Oval ID: oval:org.mitre.oval:def:12489
Title: Denial of service vulnerability in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 in IMAP extension
Description: Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4150
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): PHP
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12528
 
Oval ID: oval:org.mitre.oval:def:12528
Title: Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4
Description: Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4697
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): PHP
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12569
 
Oval ID: oval:org.mitre.oval:def:12569
Title: NULL byte injection vulnerability in PHP before 5.3.4
Description: PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
Family: windows Class: vulnerability
Reference(s): CVE-2006-7243
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): PHP
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12589
 
Oval ID: oval:org.mitre.oval:def:12589
Title: Integer overflow vulnerability in the mt_rand function in PHP before 5.3.4
Description: Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0755
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Product(s): PHP
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12620
 
Oval ID: oval:org.mitre.oval:def:12620
Title: SQL Injection vulnerability in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used.
Description: The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4700
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): PHP
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12706
 
Oval ID: oval:org.mitre.oval:def:12706
Title: USN-989-1 -- php5 vulnerabilities
Description: Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests. An attacker could exploit this issue to cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. It was discovered that the pseudorandom number generator in PHP did not provide the expected entropy. An attacker could exploit this issue to predict values that were intended to be random, such as session cookies. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. It was discovered that PHP did not properly handle directory pathnames that lacked a trailing slash character. An attacker could exploit this issue to bypass safe_mode restrictions. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. Grzegorz Stachowiak discovered that the PHP session extension did not properly handle semicolon characters. An attacker could exploit this issue to bypass safe_mode restrictions. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. Stefan Esser discovered that PHP incorrectly decoded remote HTTP chunked encoding streams. An attacker could exploit this issue to cause the PHP server to crash and possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 10.04 LTS. Mateusz Kocielski discovered that certain PHP SQLite functions incorrectly handled empty SQL queries. An attacker could exploit this issue to possibly execute arbitrary code with application privileges. Mateusz Kocielski discovered that PHP incorrectly handled certain arguments to the fnmatch function. An attacker could exploit this flaw and cause the PHP server to consume all available stack memory, resulting in a denial of service. Stefan Esser discovered that PHP incorrectly handled certain strings in the phar extension. An attacker could exploit this flaw to possibly view sensitive information. This issue only affected Ubuntu 10.04 LTS. Stefan Esser discovered that PHP incorrectly handled deserialization of SPLObjectStorage objects. A remote attacker could exploit this issue to view sensitive information and possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 8.04 LTS, 9.04, 9.10 and 10.04 LTS. It was discovered that PHP incorrectly filtered error messages when limits for memory, execution time, or recursion were exceeded. A remote attacker could exploit this issue to possibly view sensitive information. Stefan Esser discovered that the PHP session serializer incorrectly handled the PS_UNDEF_MARKER marker. An attacker could exploit this issue to alter arbitrary session variables
Family: unix Class: patch
Reference(s): USN-989-1
CVE-2010-0397
CVE-2010-1128
CVE-2010-1129
CVE-2010-1130
CVE-2010-1866
CVE-2010-1868
CVE-2010-1917
CVE-2010-2094
CVE-2010-2950
CVE-2010-2225
CVE-2010-2531
CVE-2010-3065
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12808
 
Oval ID: oval:org.mitre.oval:def:12808
Title: DSA-2195-1 php5 -- several
Description: Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system. When upgrading your php5-common package take special care to _accept_ the changes to the /etc/cron.d/php5 file. Ignoring them would leave the system vulnerable.
Family: unix Class: patch
Reference(s): DSA-2195-1
CVE-2011-0441
CVE-2010-3709
CVE-2010-3710
CVE-2010-3870
CVE-2010-4150
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13005
 
Oval ID: oval:org.mitre.oval:def:13005
Title: USN-1042-1 -- php5 vulnerabilities
Description: It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. It was discovered that the XML UTF-8 decoding code did not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which could allow an attacker to bypass cross-site scripting protections. It was discovered that attackers might be able to bypass open_basedir restrictions by passing a specially crafted filename. Maksymilian Arciemowicz discovered that a NULL pointer derefence in the ZIP archive handling code could allow an attacker to cause a denial of service through a specially crafted ZIP archive. This issue only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. It was discovered that a stack consumption vulnerability in the filter_var PHP function when in FILTER_VALIDATE_EMAIL mode, could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. It was discovered that the mb_strcut function in the Libmbfl library within PHP could allow an attacker to read arbitrary memory within the application process. This issue only affected Ubuntu 10.10. Maksymilian Arciemowicz discovered that an integer overflow in the NumberFormatter::getSymbol function could allow an attacker to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. Rick Regan discovered that when handing PHP textual representations of the largest subnormal double-precision floating-point number, the zend_strtod function could go into an infinite loop on 32bit x86 processors, allowing an attacker to cause a denial of service
Family: unix Class: patch
Reference(s): USN-1042-1
CVE-2009-5016
CVE-2010-3870
CVE-2010-3436
CVE-2010-3709
CVE-2010-3710
CVE-2010-4156
CVE-2010-4409
CVE-2010-4645
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13538
 
Oval ID: oval:org.mitre.oval:def:13538
Title: USN-1042-2 -- php5 regression
Description: USN-1042-1 fixed vulnerabilities in PHP5. The fix for CVE-2010-3436 introduced a regression in the open_basedir restriction handling code. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that attackers might be able to bypass open_basedir restrictions by passing a specially crafted filename
Family: unix Class: patch
Reference(s): USN-1042-2
CVE-2010-3436
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13955
 
Oval ID: oval:org.mitre.oval:def:13955
Title: USN-1126-2 -- php5 regressions
Description: php5: HTML-embedded scripting language interpreter Details: USN 1126-1 fixed several vulnerabilities in PHP. The fix for CVE-2010-4697 introduced an incorrect reference counting regression in the Zend engine that caused the PHP interpreter to segfault. This regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS. The fixes for CVE-2011-1072 and CVE-2011-1144 introduced a regression in the PEAR installer that prevented it from creating its cache directory and reporting errors correctly. We apologize for the inconvenience. Original advisory USN 1126-1 introduced two regressions in PHP.
Family: unix Class: patch
Reference(s): USN-1126-2
CVE-2010-4697
CVE-2011-1072
CVE-2011-1144
CVE-2011-0441
CVE-2010-4698
CVE-2006-7243
CVE-2011-0420
CVE-2011-0421
CVE-2011-0708
CVE-2011-1092
CVE-2011-1148
CVE-2011-1153
CVE-2011-1464
CVE-2011-1466
CVE-2011-1467
CVE-2011-1468
CVE-2011-1469
CVE-2011-1470
CVE-2011-1471
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 6.06
Ubuntu 9.10
Ubuntu 10.04
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13989
 
Oval ID: oval:org.mitre.oval:def:13989
Title: USN-1126-1 -- php5 vulnerabilities
Description: php5: HTML-embedded scripting language interpreter Multiple vulnerabilities in PHP.
Family: unix Class: patch
Reference(s): USN-1126-1
CVE-2011-0441
CVE-2011-1072
CVE-2011-1144
CVE-2010-4697
CVE-2010-4698
CVE-2006-7243
CVE-2011-0420
CVE-2011-0421
CVE-2011-0708
CVE-2011-1092
CVE-2011-1148
CVE-2011-1153
CVE-2011-1464
CVE-2011-1466
CVE-2011-1467
CVE-2011-1468
CVE-2011-1469
CVE-2011-1470
CVE-2011-1471
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 6.06
Ubuntu 9.10
Ubuntu 10.04
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15188
 
Oval ID: oval:org.mitre.oval:def:15188
Title: DSA-2408-1 php5 -- several
Description: Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-1072 It was discoverd that insecure handling of temporary files in the PEAR installer could lead to denial of service. CVE-2011-4153 Maksymilian Arciemowicz discovered that a NULL pointer dereference in the zend_strndup function could lead to denial of service. CVE-2012-0781 Maksymilian Arciemowicz discovered that a NULL pointer dereference in the tidy_diagnose function could lead to denial of service. CVE-2012-0788 It was discovered that missing checks in the handling of PDORow objects could lead to denial of service. CVE-2012-0831 It was discovered that the magic_quotes_gpc setting could be disabled remotely This update also addresses PHP bugs, which are not treated as security issues in Debian , but which were fixed nonetheless: CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467 CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182 CVE-2011-3267
Family: unix Class: patch
Reference(s): DSA-2408-1
CVE-2011-1072
CVE-2011-4153
CVE-2012-0781
CVE-2012-0788
CVE-2012-0831
CVE-2010-4697
CVE-2011-1092
CVE-2011-1148
CVE-2011-1464
CVE-2011-1467
CVE-2011-1468
CVE-2011-1469
CVE-2011-1470
CVE-2011-1657
CVE-2011-3182
CVE-2011-3267
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18286
 
Oval ID: oval:org.mitre.oval:def:18286
Title: DSA-2340-1 postgresql - weak password hashing
Description: magnum discovered that the blowfish password hashing used amongst others in PostgreSQL contained a weakness that would give passwords with 8 bit characters the same hash as weaker equivalents.
Family: unix Class: patch
Reference(s): DSA-2340-1
CVE-2011-2483
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Debian GNU/Linux 5.0
Product(s): postgresql-8.4
postgresql-8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19494
 
Oval ID: oval:org.mitre.oval:def:19494
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass
Description: PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
Family: unix Class: vulnerability
Reference(s): CVE-2006-7243
Version: 10
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20579
 
Oval ID: oval:org.mitre.oval:def:20579
Title: USN-1229-1 -- postgresql-8.3, postgresql-8.4 vulnerability
Description: PostgreSQL incorrectly handled blowfish passwords.
Family: unix Class: patch
Reference(s): USN-1229-1
CVE-2011-2483
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 8.04
Product(s): postgresql-8.4
postgresql-8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21065
 
Oval ID: oval:org.mitre.oval:def:21065
Title: USN-1231-1 -- php5 vulnerabilities
Description: Several security issues were fixed in PHP.
Family: unix Class: patch
Reference(s): USN-1231-1
CVE-2011-1938
CVE-2011-2202
CVE-2011-2483
CVE-2011-3182
CVE-2011-3267
CVE-2011-1657
CVE-2010-1914
CVE-2010-2484
Version: 5
Platform(s): Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 8.04
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21534
 
Oval ID: oval:org.mitre.oval:def:21534
Title: RHSA-2011:0195: php security update (Moderate)
Description: strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0195-01
CVE-2009-5016
CVE-2010-3709
CVE-2010-3870
CVE-2010-4645
Version: 55
Platform(s): Red Hat Enterprise Linux 6
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21699
 
Oval ID: oval:org.mitre.oval:def:21699
Title: RHSA-2011:0196: php53 security update (Moderate)
Description: strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0196-01
CESA-2011:0196
CVE-2010-3710
CVE-2010-4156
CVE-2010-4645
Version: 42
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21761
 
Oval ID: oval:org.mitre.oval:def:21761
Title: RHSA-2011:1423: php53 and php security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): RHSA-2011:1423-01
CESA-2011:1423
CVE-2011-0708
CVE-2011-1148
CVE-2011-1466
CVE-2011-1468
CVE-2011-1469
CVE-2011-1471
CVE-2011-1938
CVE-2011-2202
CVE-2011-2483
Version: 120
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21784
 
Oval ID: oval:org.mitre.oval:def:21784
Title: RHSA-2011:1378: postgresql84 security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): RHSA-2011:1378-01
CESA-2011:1378
CVE-2011-2483
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21791
 
Oval ID: oval:org.mitre.oval:def:21791
Title: RHSA-2011:1377: postgresql security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): RHSA-2011:1377-01
CESA-2011:1377
CVE-2011-2483
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 6
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22022
 
Oval ID: oval:org.mitre.oval:def:22022
Title: RHSA-2010:0919: php security update (Moderate)
Description: The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
Family: unix Class: patch
Reference(s): RHSA-2010:0919-01
CESA-2010:0919
CVE-2009-5016
CVE-2010-0397
CVE-2010-1128
CVE-2010-1917
CVE-2010-2531
CVE-2010-3065
CVE-2010-3870
Version: 94
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22905
 
Oval ID: oval:org.mitre.oval:def:22905
Title: DEPRECATED: ELSA-2011:1377: postgresql security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): ELSA-2011:1377-01
CVE-2011-2483
Version: 7
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22945
 
Oval ID: oval:org.mitre.oval:def:22945
Title: DEPRECATED: ELSA-2011:1423: php53 and php security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): ELSA-2011:1423-01
CVE-2011-0708
CVE-2011-1148
CVE-2011-1466
CVE-2011-1468
CVE-2011-1469
CVE-2011-1471
CVE-2011-1938
CVE-2011-2202
CVE-2011-2483
Version: 42
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22946
 
Oval ID: oval:org.mitre.oval:def:22946
Title: ELSA-2011:1377: postgresql security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): ELSA-2011:1377-01
CVE-2011-2483
Version: 6
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23086
 
Oval ID: oval:org.mitre.oval:def:23086
Title: ELSA-2011:0196: php53 security update (Moderate)
Description: strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0196-01
CVE-2010-3710
CVE-2010-4156
CVE-2010-4645
Version: 17
Platform(s): Oracle Linux 5
Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23101
 
Oval ID: oval:org.mitre.oval:def:23101
Title: ELSA-2010:0919: php security update (Moderate)
Description: The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
Family: unix Class: patch
Reference(s): ELSA-2010:0919-01
CVE-2009-5016
CVE-2010-0397
CVE-2010-1128
CVE-2010-1917
CVE-2010-2531
CVE-2010-3065
CVE-2010-3870
Version: 33
Platform(s): Oracle Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23307
 
Oval ID: oval:org.mitre.oval:def:23307
Title: ELSA-2011:1378: postgresql84 security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): ELSA-2011:1378-01
CVE-2011-2483
Version: 6
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23479
 
Oval ID: oval:org.mitre.oval:def:23479
Title: ELSA-2011:0195: php security update (Moderate)
Description: strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0195-01
CVE-2009-5016
CVE-2010-3709
CVE-2010-3870
CVE-2010-4645
Version: 21
Platform(s): Oracle Linux 6
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23530
 
Oval ID: oval:org.mitre.oval:def:23530
Title: ELSA-2011:1423: php53 and php security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): ELSA-2011:1423-01
CVE-2011-0708
CVE-2011-1148
CVE-2011-1466
CVE-2011-1468
CVE-2011-1469
CVE-2011-1471
CVE-2011-1938
CVE-2011-2202
CVE-2011-2483
Version: 41
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27015
 
Oval ID: oval:org.mitre.oval:def:27015
Title: DEPRECATED: ELSA-2014-0311 -- php security update (critical)
Description: [5.1.6-44] - add security fixes for CVE-2006-7243, CVE-2009-0689
Family: unix Class: patch
Reference(s): ELSA-2014-0311
CVE-2009-0689
CVE-2006-7243
Version: 4
Platform(s): Oracle Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27656
 
Oval ID: oval:org.mitre.oval:def:27656
Title: DEPRECATED: ELSA-2012-0033 -- php security update (moderate)
Description: [5.1.6-27.4] - add security fixes for CVE-2011-4885, CVE-2011-4566, CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1469, CVE-2011-2202 (#769756)
Family: unix Class: patch
Reference(s): ELSA-2012-0033
CVE-2011-4566
CVE-2011-4885
CVE-2011-0708
CVE-2011-1148
CVE-2011-1466
CVE-2011-1469
CVE-2011-2202
Version: 4
Platform(s): Oracle Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27694
 
Oval ID: oval:org.mitre.oval:def:27694
Title: DEPRECATED: ELSA-2011-1378 -- postgresql84 security update (moderate)
Description: [8.4.9-1.el5_7.1] - Update to PostgreSQL 8.4.9, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-9.html http://www.postgresql.org/docs/8.4/static/release-8-4-8.html including the fix for CVE-2011-2483 Resolves: #740739
Family: unix Class: patch
Reference(s): ELSA-2011-1378
CVE-2011-2483
Version: 4
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27854
 
Oval ID: oval:org.mitre.oval:def:27854
Title: DEPRECATED: ELSA-2011-0196 -- php53 security update (moderate)
Description: [5.3.3-1.1] - add security fixes for CVE-2010-3710, CVE-2010-4156, CVE-2010-4645 (#670463)
Family: unix Class: patch
Reference(s): ELSA-2011-0196
CVE-2010-3710
CVE-2010-4156
CVE-2010-4645
Version: 4
Platform(s): Oracle Linux 5
Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28125
 
Oval ID: oval:org.mitre.oval:def:28125
Title: DEPRECATED: ELSA-2011-1423 -- php53 and php security update (moderate)
Description: [5.3.3-3.3] - improve CVE-2011-1466 fix to cover CAL_GREGORIAN, CAL_JEWISH [5.3.3-3.1] - add security fixes for CVE-2011-2483, CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, and CVE-2011-2202 (#740731)
Family: unix Class: patch
Reference(s): ELSA-2011-1423
CVE-2011-0708
CVE-2011-1148
CVE-2011-1466
CVE-2011-1468
CVE-2011-1469
CVE-2011-1471
CVE-2011-1938
CVE-2011-2202
CVE-2011-2483
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28206
 
Oval ID: oval:org.mitre.oval:def:28206
Title: DEPRECATED: ELSA-2011-0195 -- php security update (moderate)
Description: [5.3.2-6.1] - add security fixes for CVE-2010-3709, CVE-2010-3870, CVE-2009-5016, CVE-2010-4645 (#670461)
Family: unix Class: patch
Reference(s): ELSA-2011-0195
CVE-2009-5016
CVE-2010-3709
CVE-2010-3870
CVE-2010-4645
Version: 4
Platform(s): Oracle Linux 6
Product(s): php
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 373
Application 10

ExploitDB Exploits

id Description
2011-07-04 PHP 5.3.6 Buffer Overflow PoC (ROP) CVE-2011-1938
2011-05-25 PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability
2011-03-18 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
2011-03-12 PHP <= 5.3.6 shmop_read() Integer Overflow DoS
2011-02-17 PHP 5.3.5 grapheme_extract() NULL Pointer Dereference
2010-12-10 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow
2010-11-05 PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference

OpenVAS Exploits

Date Description
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0426-1 (update)
File : nvt/gb_suse_2012_0426_1.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-210-01 libpng
File : nvt/esoft_slk_ssa_2011_210_01.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-237-01 php
File : nvt/esoft_slk_ssa_2011_237_01.nasl
2012-07-30 Name : CentOS Update for php53 CESA-2011:0196 centos5 x86_64
File : nvt/gb_CESA-2011_0196_php53_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for postgresql CESA-2011:1377 centos4 x86_64
File : nvt/gb_CESA-2011_1377_postgresql_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for postgresql CESA-2011:1377 centos5 x86_64
File : nvt/gb_CESA-2011_1377_postgresql_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for postgresql84 CESA-2011:1378 centos5 x86_64
File : nvt/gb_CESA-2011_1378_postgresql84_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for php53 CESA-2011:1423 centos5 x86_64
File : nvt/gb_CESA-2011_1423_php53_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for php CESA-2012:0033 centos5
File : nvt/gb_CESA-2012_0033_php_centos5.nasl
2012-07-30 Name : CentOS Update for php CESA-2012:0071 centos4
File : nvt/gb_CESA-2012_0071_php_centos4.nasl
2012-07-30 Name : CentOS Update for php CESA-2012:1046 centos6
File : nvt/gb_CESA-2012_1046_php_centos6.nasl
2012-07-30 Name : CentOS Update for php53 CESA-2012:1047 centos5
File : nvt/gb_CESA-2012_1047_php53_centos5.nasl
2012-06-28 Name : RedHat Update for php RHSA-2012:1046-01
File : nvt/gb_RHSA-2012_1046-01_php.nasl
2012-06-28 Name : RedHat Update for php53 RHSA-2012:1047-01
File : nvt/gb_RHSA-2012_1047-01_php53.nasl
2012-06-21 Name : PHP version smaller than 5.2.11
File : nvt/nopsec_php_5_2_11.nasl
2012-06-21 Name : PHP version smaller than 5.2.14
File : nvt/nopsec_php_5_2_14.nasl
2012-06-21 Name : PHP 5.2 < 5.2.15
File : nvt/nopsec_php_5_2_15.nasl
2012-06-21 Name : PHP version smaller than 5.3.1
File : nvt/nopsec_php_5_3_1.nasl
2012-06-21 Name : PHP version smaller than 5.3.3
File : nvt/nopsec_php_5_3_3.nasl
2012-06-21 Name : PHP version smaller than 5.3.4
File : nvt/nopsec_php_5_3_4.nasl
2012-06-14 Name : PHP version 5.3< 5.3.6
File : nvt/nopsec_php_5_3_6.nasl
2012-06-05 Name : RedHat Update for php RHSA-2011:0195-01
File : nvt/gb_RHSA-2011_0195-01_php.nasl
2012-04-02 Name : Fedora Update for maniadrive FEDORA-2011-11464
File : nvt/gb_fedora_2011_11464_maniadrive_fc16.nasl
2012-03-19 Name : Fedora Update for php-eaccelerator FEDORA-2011-11464
File : nvt/gb_fedora_2011_11464_php-eaccelerator_fc16.nasl
2012-03-19 Name : Fedora Update for php FEDORA-2011-11464
File : nvt/gb_fedora_2011_11464_php_fc16.nasl
2012-03-12 Name : Debian Security Advisory DSA 2408-1 (php5)
File : nvt/deb_2408_1.nasl
2012-02-12 Name : Debian Security Advisory DSA 2399-1 (php5)
File : nvt/deb_2399_1.nasl
2012-02-12 Name : Debian Security Advisory DSA 2399-2 (php5)
File : nvt/deb_2399_2.nasl
2012-02-12 Name : FreeBSD Ports: php5, php5-exif
File : nvt/freebsd_php515.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-06 (php)
File : nvt/glsa_201110_06.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base)
File : nvt/glsa_201110_22.nasl
2012-02-06 Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2012-02-01 Name : RedHat Update for php RHSA-2012:0071-01
File : nvt/gb_RHSA-2012_0071-01_php.nasl
2012-01-20 Name : RedHat Update for php RHSA-2012:0033-01
File : nvt/gb_RHSA-2012_0033-01_php.nasl
2012-01-02 Name : Mandriva Update for php MDVSA-2011:197 (php)
File : nvt/gb_mandriva_MDVSA_2011_197.nasl
2011-12-23 Name : Mandriva Update for php-suhosin MDVSA-2011:180 (php-suhosin)
File : nvt/gb_mandriva_MDVSA_2011_180.nasl
2011-11-28 Name : Mandriva Update for glibc MDVSA-2011:178 (glibc)
File : nvt/gb_mandriva_MDVSA_2011_178.nasl
2011-11-11 Name : CentOS Update for postgresql CESA-2011:1377 centos4 i386
File : nvt/gb_CESA-2011_1377_postgresql_centos4_i386.nasl
2011-11-08 Name : Mandriva Update for php MDVSA-2011:165 (php)
File : nvt/gb_mandriva_MDVSA_2011_165.nasl
2011-11-03 Name : CentOS Update for php53 CESA-2011:1423 centos5 i386
File : nvt/gb_CESA-2011_1423_php53_centos5_i386.nasl
2011-11-03 Name : RedHat Update for php53 and php RHSA-2011:1423-01
File : nvt/gb_RHSA-2011_1423-01_php53_and_php.nasl
2011-10-31 Name : Mandriva Update for postgresql MDVSA-2011:161 (postgresql)
File : nvt/gb_mandriva_MDVSA_2011_161.nasl
2011-10-21 Name : CentOS Update for postgresql CESA-2011:1377 centos5 i386
File : nvt/gb_CESA-2011_1377_postgresql_centos5_i386.nasl
2011-10-21 Name : CentOS Update for postgresql84 CESA-2011:1378 centos5 i386
File : nvt/gb_CESA-2011_1378_postgresql84_centos5_i386.nasl
2011-10-21 Name : RedHat Update for postgresql RHSA-2011:1377-01
File : nvt/gb_RHSA-2011_1377-01_postgresql.nasl
2011-10-21 Name : RedHat Update for postgresql84 RHSA-2011:1378-01
File : nvt/gb_RHSA-2011_1378-01_postgresql84.nasl
2011-10-21 Name : Ubuntu Update for php5 USN-1231-1
File : nvt/gb_ubuntu_USN_1231_1.nasl
2011-10-20 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
File : nvt/gb_macosx_su11-006.nasl
2011-10-14 Name : Ubuntu Update for postgresql-8.4 USN-1229-1
File : nvt/gb_ubuntu_USN_1229_1.nasl
2011-09-21 Name : FreeBSD Ports: php5, php5-sockets
File : nvt/freebsd_php513.nasl
2011-09-20 Name : Fedora Update for maniadrive FEDORA-2011-11528
File : nvt/gb_fedora_2011_11528_maniadrive_fc15.nasl
2011-09-20 Name : Fedora Update for php-eaccelerator FEDORA-2011-11528
File : nvt/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl
2011-09-20 Name : Fedora Update for php FEDORA-2011-11528
File : nvt/gb_fedora_2011_11528_php_fc15.nasl
2011-09-20 Name : Fedora Update for maniadrive FEDORA-2011-11537
File : nvt/gb_fedora_2011_11537_maniadrive_fc14.nasl
2011-09-20 Name : Fedora Update for php-eaccelerator FEDORA-2011-11537
File : nvt/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl
2011-09-20 Name : Fedora Update for php FEDORA-2011-11537
File : nvt/gb_fedora_2011_11537_php_fc14.nasl
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-09-07 Name : PHP 'crypt()' Function Security Bypass Vulnerability
File : nvt/gb_php_crypt_func_sec_bypass_vuln_win.nasl
2011-09-07 Name : PHP Multiple Vulnerabilities (Windows) - Sep 2011
File : nvt/gb_php_mult_vuln_win_sep11.nasl
2011-08-29 Name : PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities
File : nvt/gb_php_49241.nasl
2011-08-27 Name : SuSE Update for glibc,pam-modules,libxcrypt,pwdutils SUSE-SA:2011:035
File : nvt/gb_suse_2011_035.nasl
2011-08-26 Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001)
File : nvt/secpod_macosx_su11-001.nasl
2011-08-09 Name : CentOS Update for php CESA-2010:0919 centos5 i386
File : nvt/gb_CESA-2010_0919_php_centos5_i386.nasl
2011-08-09 Name : CentOS Update for php53 CESA-2011:0196 centos5 i386
File : nvt/gb_CESA-2011_0196_php53_centos5_i386.nasl
2011-08-03 Name : Debian Security Advisory DSA 2262-2 (php5)
File : nvt/deb_2262_2.nasl
2011-08-03 Name : Debian Security Advisory DSA 2266-1 (php5)
File : nvt/deb_2266_1.nasl
2011-07-01 Name : PHP SAPI_POST_HANDLER_FUNC() Security Bypass Vulnerability
File : nvt/secpod_php_sapi_post_handle_security_bypass_vuln_win.nasl
2011-06-03 Name : Mandriva Update for libzip MDVSA-2011:099 (libzip)
File : nvt/gb_mandriva_MDVSA_2011_099.nasl
2011-06-02 Name : PHP 'socket_connect()' Buffer Overflow Vulnerability
File : nvt/secpod_php_bof_vuln_win.nasl
2011-05-12 Name : Debian Security Advisory DSA 2195-1 (php5)
File : nvt/deb_2195_1.nasl
2011-05-12 Name : FreeBSD Ports: php5-exif
File : nvt/freebsd_php5-exif.nasl
2011-05-12 Name : FreeBSD Ports: php5-zip
File : nvt/freebsd_php5-zip0.nasl
2011-05-10 Name : Ubuntu Update for php5 USN-1126-1
File : nvt/gb_ubuntu_USN_1126_1.nasl
2011-05-10 Name : Ubuntu Update for php5 USN-1126-2
File : nvt/gb_ubuntu_USN_1126_2.nasl
2011-04-11 Name : Fedora Update for maniadrive FEDORA-2011-3636
File : nvt/gb_fedora_2011_3636_maniadrive_fc14.nasl
2011-04-11 Name : Fedora Update for php-eaccelerator FEDORA-2011-3636
File : nvt/gb_fedora_2011_3636_php-eaccelerator_fc14.nasl
2011-04-11 Name : Fedora Update for php FEDORA-2011-3636
File : nvt/gb_fedora_2011_3636_php_fc14.nasl
2011-04-11 Name : Fedora Update for maniadrive FEDORA-2011-3666
File : nvt/gb_fedora_2011_3666_maniadrive_fc13.nasl
2011-04-11 Name : Fedora Update for php-eaccelerator FEDORA-2011-3666
File : nvt/gb_fedora_2011_3666_php-eaccelerator_fc13.nasl
2011-04-11 Name : Fedora Update for php FEDORA-2011-3666
File : nvt/gb_fedora_2011_3666_php_fc13.nasl
2011-03-25 Name : Mandriva Update for php MDVSA-2011:052 (php)
File : nvt/gb_mandriva_MDVSA_2011_052.nasl
2011-03-25 Name : Mandriva Update for php MDVSA-2011:053 (php)
File : nvt/gb_mandriva_MDVSA_2011_053.nasl
2011-03-22 Name : PHP 'substr_replace()' Use After Free Vulnerability
File : nvt/secpod_php_use_after_free_vuln.nasl
2011-03-10 Name : PHP 'grapheme_extract()' NULL Pointer Dereference Denial Of Service Vulnerabi...
File : nvt/gb_php_grapheme_extract_dos_vuln.nasl
2011-03-09 Name : PHP 'shmop_read()' Remote Integer Overflow Vulnerability
File : nvt/gb_php_46786.nasl
2011-02-07 Name : PHP 'extract()' Function Security Bypass Vulnerability
File : nvt/gb_php_sec_bypass_vuln.nasl
2011-02-04 Name : RedHat Update for php53 RHSA-2011:0196-01
File : nvt/gb_RHSA-2011_0196-01_php53.nasl
2011-02-01 Name : PHP Multiple Security Bypass Vulnerabilities
File : nvt/gb_php_mult_sec_bypass_vuln.nasl
2011-02-01 Name : PHP 'set_magic_quotes_runtime()' SQL Injection Vulnerability
File : nvt/gb_php_mysqli_sql_injection_vuln.nasl
2011-02-01 Name : PHP Zend and GD Multiple Denial of Service Vulnerabilities
File : nvt/gb_php_zend_mult_dos_vuln.nasl
2011-01-31 Name : PHP MySQLi Extension 'set_magic_quotes_runtime' Function Security-Bypass Weak...
File : nvt/gb_php_46056.nasl
2011-01-31 Name : PHP 'ext/imap/php_imap.c' Use After Free Denial of Service Vulnerability
File : nvt/gb_php_imap_do_open_dos_vuln.nasl
2011-01-24 Name : FreeBSD Ports: pecl-phar
File : nvt/freebsd_pecl-phar.nasl
2011-01-24 Name : FreeBSD Ports: php5-filter
File : nvt/freebsd_php5-filter.nasl
2011-01-24 Name : FreeBSD Ports: php5-imap
File : nvt/freebsd_php5-imap1.nasl
2011-01-24 Name : FreeBSD Ports: php5-zip
File : nvt/freebsd_php5-zip.nasl
2011-01-24 Name : FreeBSD Ports: php5
File : nvt/freebsd_php510.nasl
2011-01-24 Name : FreeBSD Ports: php5
File : nvt/freebsd_php57.nasl
2011-01-24 Name : FreeBSD Ports: php5
File : nvt/freebsd_php58.nasl
2011-01-24 Name : FreeBSD Ports: php5
File : nvt/freebsd_php59.nasl
2011-01-24 Name : Fedora Update for maniadrive-data FEDORA-2011-0321
File : nvt/gb_fedora_2011_0321_maniadrive-data_fc13.nasl
2011-01-24 Name : Fedora Update for maniadrive FEDORA-2011-0321
File : nvt/gb_fedora_2011_0321_maniadrive_fc13.nasl
2011-01-24 Name : Fedora Update for php-eaccelerator FEDORA-2011-0321
File : nvt/gb_fedora_2011_0321_php-eaccelerator_fc13.nasl
2011-01-24 Name : Fedora Update for php FEDORA-2011-0321
File : nvt/gb_fedora_2011_0321_php_fc13.nasl
2011-01-24 Name : Fedora Update for maniadrive-data FEDORA-2011-0329
File : nvt/gb_fedora_2011_0329_maniadrive-data_fc14.nasl
2011-01-24 Name : Fedora Update for maniadrive FEDORA-2011-0329
File : nvt/gb_fedora_2011_0329_maniadrive_fc14.nasl
2011-01-24 Name : Fedora Update for php-eaccelerator FEDORA-2011-0329
File : nvt/gb_fedora_2011_0329_php-eaccelerator_fc14.nasl
2011-01-24 Name : Fedora Update for php FEDORA-2011-0329
File : nvt/gb_fedora_2011_0329_php_fc14.nasl
2011-01-14 Name : Mandriva Update for php-phar MDVSA-2011:004 (php-phar)
File : nvt/gb_mandriva_MDVSA_2011_004.nasl
2011-01-14 Name : Ubuntu Update for php5 vulnerabilities USN-1042-1
File : nvt/gb_ubuntu_USN_1042_1.nasl
2011-01-14 Name : Ubuntu Update for php5 regression USN-1042-2
File : nvt/gb_ubuntu_USN_1042_2.nasl
2011-01-11 Name : Fedora Update for maniadrive FEDORA-2010-18976
File : nvt/gb_fedora_2010_18976_maniadrive_fc14.nasl
2011-01-11 Name : Fedora Update for php-eaccelerator FEDORA-2010-18976
File : nvt/gb_fedora_2010_18976_php-eaccelerator_fc14.nasl
2011-01-11 Name : Fedora Update for php FEDORA-2010-18976
File : nvt/gb_fedora_2010_18976_php_fc14.nasl
2011-01-11 Name : Fedora Update for maniadrive FEDORA-2010-19011
File : nvt/gb_fedora_2010_19011_maniadrive_fc13.nasl
2011-01-11 Name : Fedora Update for php-eaccelerator FEDORA-2010-19011
File : nvt/gb_fedora_2010_19011_php-eaccelerator_fc13.nasl
2011-01-11 Name : Fedora Update for php FEDORA-2010-19011
File : nvt/gb_fedora_2010_19011_php_fc13.nasl
2011-01-10 Name : PHP 'zend_strtod()' Function Floating-Point Value Denial of Service Vulnerabi...
File : nvt/gb_php_45668.nasl
2010-12-28 Name : Mandriva Update for php MDVSA-2010:254 (php)
File : nvt/gb_mandriva_MDVSA_2010_254.nasl
2010-12-28 Name : Mandriva Update for php-intl MDVSA-2010:255 (php-intl)
File : nvt/gb_mandriva_MDVSA_2010_255.nasl
2010-12-09 Name : CentOS Update for php CESA-2010:0919 centos4 i386
File : nvt/gb_CESA-2010_0919_php_centos4_i386.nasl
2010-12-09 Name : RedHat Update for php RHSA-2010:0919-01
File : nvt/gb_RHSA-2010_0919-01_php.nasl
2010-11-23 Name : Mandriva Update for php MDVSA-2010:239 (php)
File : nvt/gb_mandriva_MDVSA_2010_239.nasl
2010-11-23 Name : PHP 'filter_var()' function Stack Consumption Vulnerability
File : nvt/gb_php_stack_consumption_vuln.nasl
2010-11-16 Name : Mandriva Update for php MDVSA-2010:218 (php)
File : nvt/gb_mandriva_MDVSA_2010_218.nasl
2010-11-16 Name : Mandriva Update for php MDVSA-2010:224 (php)
File : nvt/gb_mandriva_MDVSA_2010_224.nasl
2010-11-10 Name : PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability
File : nvt/gb_php_44605.nasl
2010-10-01 Name : PHP 'phar_stream_flush' Format String Vulnerability
File : nvt/secpod_php_format_string_vuln.nasl
2010-09-22 Name : Ubuntu Update for php5 vulnerabilities USN-989-1
File : nvt/gb_ubuntu_USN_989_1.nasl
2010-08-30 Name : Fedora Update for maniadrive FEDORA-2010-11428
File : nvt/gb_fedora_2010_11428_maniadrive_fc12.nasl
2010-08-30 Name : Fedora Update for php-eaccelerator FEDORA-2010-11428
File : nvt/gb_fedora_2010_11428_php-eaccelerator_fc12.nasl
2010-08-30 Name : Fedora Update for php FEDORA-2010-11428
File : nvt/gb_fedora_2010_11428_php_fc12.nasl
2010-08-30 Name : Fedora Update for maniadrive FEDORA-2010-11481
File : nvt/gb_fedora_2010_11481_maniadrive_fc13.nasl
2010-08-30 Name : Fedora Update for php-eaccelerator FEDORA-2010-11481
File : nvt/gb_fedora_2010_11481_php-eaccelerator_fc13.nasl
2010-08-30 Name : Fedora Update for php FEDORA-2010-11481
File : nvt/gb_fedora_2010_11481_php_fc13.nasl
2010-08-02 Name : PHP Versions Prior to 5.3.3/5.2.14 Multiple Vulnerabilities
File : nvt/gb_php_41991.nasl
2010-07-30 Name : Mandriva Update for php MDVSA-2010:139 (php)
File : nvt/gb_mandriva_MDVSA_2010_139.nasl
2010-07-30 Name : Mandriva Update for php MDVSA-2010:140 (php)
File : nvt/gb_mandriva_MDVSA_2010_140.nasl
2010-06-21 Name : PHP 'SplObjectStorage' Unserializer Arbitrary Code Execution Vulnerability
File : nvt/gb_php_40948.nasl
2010-06-15 Name : PHP Multiple Information Disclosure Vulnerabilities
File : nvt/gb_php_mult_info_disc_vuln.nasl
2010-05-17 Name : PHP 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vul...
File : nvt/gb_php_40173.nasl
2010-05-10 Name : PHP 'sqlite_single_query()' and 'sqlite_array_query()' Arbitrary Code Executi...
File : nvt/gb_php_40013.nasl
2010-05-04 Name : PHP 'php_dechunk()' HTTP Chunked Encoding Integer Overflow Vulnerability
File : nvt/gb_php_39877.nasl
2010-02-27 Name : PHP < 5.2.13 Multiple Vulnerabilities
File : nvt/php_5_2_13.nasl
2010-02-15 Name : Mandriva Update for mandriva-release MDVA-2010:058 (mandriva-release)
File : nvt/gb_mandriva_MDVA_2010_058.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-240-04 php
File : nvt/esoft_slk_ssa_2010_240_04.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-357-01 php
File : nvt/esoft_slk_ssa_2010_357_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2011-010-01 php
File : nvt/esoft_slk_ssa_2011_010_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
75200 PHP *alloc Functions Argument Handling Arbitrary Value Injection Overflow

74743 PHP ext/zip/php_zip.c Multiple Function Flag Argument DoS

74742 PHP crypt_blowfish 8-bit Character Password Hash Cleartext Password Disclosure

74739 PHP error_log Function Unspecified DoS

74738 PHP crypt() Function Salt Argument Overflow

74728 PHP extract() Function EXTR_OVERWRITE Parameter Variable Overwriting

74726 PHP crypt() Function MD5 Salt Hash Value Return Weakness

74688 PHP mt_rand Function max Parameter Overflow

74193 PHP PCNTL Extension Concurrent Signal Saturation Race Condition Memory Corrup...

73755 PHP OpenSSL Extension x Function openssl_decrypt Ciphertext Data Memory Leak DoS

73754 PHP OpenSSL Extension openssl_encrypt Function Plaintext Data Memory Leak DoS

73626 PHP Calendar Extension SdnToJulian Function Overflow DoS

73625 PHP Intl Extension NumberFormatter::setSymbol Function Invalid Argument DoS

73624 PHP Streams Component HTTP Proxy FTP Wrapper ftp:// URL DoS

73623 PHP Zip Extension stream_get_contents Function ziparchive Stream Handling DoS

73622 PHP Zip Extension zip_stream.c zip_fread Function Call Integer Signedness Err...

73275 PHP grapheme_extract() Function NULL Dereference DoS

73218 PHP substr_replace Function Repeated Argument Variable Memory Corruption

73113 PHP main/rfc1867.c rfc1867_post_handler Function Traversal Upload File Path I...

72644 PHP ext/sockets/sockets.c socket_connect Function UNIX Socket Pathname Overflow

72533 PHP ZIP Extension zip_name_locate.c _zip_name_locate Function Malformed ZIP A...

72532 PHP phar Extension phar_object.c Multiple Format Strings

72531 PHP strval Function Numerical Argument Handling DoS

71598 PHP ext/shmop/shmop.c shmop_read Function Overflow

71597 PHP Exif Extension (exif.c) Image File Directory (IFD) Parsing DoS

70610 PHP MySQLi Extension set_magic_quotes_runtime Function mysqli_fetch_assoc Fun...

PHP contains a flaw related to the 'set_magic_quotes_runtime' function's failure to properly interact with use of the 'mysqli_fetch_assoc' function. This makes it easier for context-dependent attackers to use crafted input to conduct SQL injection attacks.
70609 PHP Iconv Extension iconv_mime_decode_headers Function Crafted Email Subject ...

PHP contains a flaw related to the 'iconv_mime_decode_headers' function in the Iconv extension fail to properly handle unrecognized encodings. The issue is triggered when a context-dependent attacker to use a crafted subject header in an e-mail to trigger an incomplete output array, which allows them to bypass spam detection or possibly have other unspecified impact.
70608 PHP GD Extension imagepstext Function Anti-aliasing Overflow DoS

PHP is prone to an overflow condition. The GD extension fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. This may allow a context-dependent attacker to cause a denial of service via vectors related to invalid anti-aliasing and the imagepstext function.
70607 PHP Zend Engine Multiple Method Object Reference Access Use-after-free DoS

PHP contains a flaw that may allow a context-dependent denial of service. The issue is triggered when a use-after-free error in the Zend engine occurs, allowing a context-dependent attacker to use vectors related to the '__set', '__get', '__isset' and '__unset' methods to cause a denial of service, or possibly have other unspecified impact.
70606 PHP Pathname \0 Character file_exists Function Access Restriction Bypass

PHP contains a flaw related to the accepting of the \0 character in a pathname. This may allow a context-dependent attacker to bypass access restrictions by combining this character with a safe file extension, such as .php\0.jpg.
70370 PHP strtod.c zend_strtod Function x87 FPU Register DoS

PHP contains a flaw in strtod.c, as used in the function 'zend_strtod' that may allow a context-dependent denial of service. This may allow an attacker to cause an infinite loop denial of service via a certain floating-point value in scientific notation, which x87 FPU registers fail to handle properly.
69660 PHP ext/imap/php_imap.c imap_do_open Function Double-free Memory Corruption

A memory corruption flaw exists in PHP. The 'imap_do_open' function in the IMAP extension 'ext/imap/php_imap.c' fails to sanitize provided user credentials when opening the user mailbox folder resulting in memory corruption. With maliciously crafted user credentials, a local attacker can execute arbitrary code.
69651 PHP NumberFormatter::getSymbol Function Invalid Argument Overflow DoS

PHP is prone to an overflow condition. The 'NumberFormatter::getSymbol' function fails to properly sanitize user-supplied input resulting in an integer overflow. With an invalid argument, a context-dependent attacker can potentially cause a denial of service.
69230 PHP utf8_decode Function UTF-8 Encoding / Data Crafted String Protection Mech...

69227 PHP ext/xml/xml.c xml_utf8_decode Function UTF-8 Encoding Remote Overflow

69110 PHP fopen_wrappers.c Filename Length open_basedir Restriction Remote Bypass

PHP contains a flaw related to the 'php_check_specific_open_basedir()' function in 'fopen_wrappers.c'. The issue is triggered when a remote attacker uses vectors related to filename length to bypass 'open_basedir' restrictions.
69109 PHP ZipArchive::getArchiveComment Function Crafted ZIP Archive NULL Dereferen...

PHP contains a flaw related to the ZipArchive::getArchiveComment function that may allow a context-dependent denial of service. The issue is triggered via a maliciously crafted ZIP archive, and will result in loss of availability.
68597 PHP ext/filter/logical_filters.c php_filter_validate_email() Function Overflo...

PHP is prone to an overflow condition. The 'php_filter_validate_email()' function in 'ext/filter/logical_filters.c' fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted overly long e-mail address string, a remote attacker can potentially cause a denial of service.
67421 PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read Fun...

67420 PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_ok_read Function Arb...

67419 PHP Mysqlnd Extension php_mysqlnd_read_error_from_line Function Negative Buff...

67418 PHP Mysqlnd Extension php_mysqlnd_auth_write Function Multiple Overflows

66805 PHP var_export() Function Fata Error Information Disclosure

66804 PHP strrchr() Function Interruption Array Leak Memory Disclosure

66798 PHP Prefix Character Session Variable Serialization Unspecified Issue

66106 PHP parse_str Function Userspace Interuption Memory Corruption

66105 PHP preg_match Function Userspace Interuption Memory Corruption

66104 PHP unpack / pack Functions Userspace Interuption Memory Corruption

66103 PHP ZEND_FETCH_RW Opcodes Userspace Interuption Memory Corruption

66102 PHP ZEND_*CONCAT Opcodes Userspace Interuption Memory Corruption

66101 PHP ArrayObject::uasort Method Userspace Interuption Memory Corruption

66100 PHP trim / ltrim / rtrim Functions Userspace Interuption Arbitrary Memory Con...

66099 PHP substr_replace Function Userspace Interuption Arbitrary Memory Content Di...

66098 PHP setcookie Function Userspace Interuption Arbitrary Memory Content Disclosure

66097 PHP strip_tags Function Userspace Interuption Arbitrary Memory Content Disclo...

66096 PHP wordwrap Function Userspace Interuption Arbitrary Memory Content Disclosure

66095 PHP Multiple str* Functions Userspace Interuption Arbitrary Memory Content Di...

66094 PHP http_build_query Function Userspace Interuption Arbitrary Memory Disclosure

66093 PHP htmlentities / htmlspecialchars Functions Userspace Interuption Arbitrary...

66087 PHP iconv_* Functions Userspace Interuption Arbitrary Memory Disclosure

66086 PHP phar Extension Multiple Function phar:// URL Handling Format Strings

65755 PHP SplObjectStorage Unserializer Use-after-free Arbitrary Code Execution

65055 PHP Request Shutdown Functionality Stream Context Structure Use-after-free DoS

64664 PHP Zend Engine ZEND_SR opcode Handler convert_to_long_base Function Interrup...

64663 PHP Zend Engine ZEND_SL opcode Handler convert_to_long_base Function Interrup...

64662 PHP Zend Engine ZEND_BW_XOR opcode Handler convert_to_long_base Function Inte...

64608 PHP preg_quote Function Userspace Interruption Memory Disclosure

64607 PHP fnmatch Function Stack Exhaustion DoS

64546 PHP html_entity_decode Function Internal Call Userspace Interruption Memory D...

64545 PHP sysvshm Extension __sleep Function Internal Call Interrupt Arbitrary Memo...

64544 PHP chunk_split Function Internal Function Userspace Interruption Memory Disc...

64527 PHP Dechunk Filter Negative Chunk Size Signed Comparison Bypass DoS

64526 PHP ext/sqlite/sqlite.c Multiple Function Empty SQL Query Arbitrary Code Exec...

64322 PHP addcslashes() Function Userspace Interruption Information Disclosure

63323 PHP Linear Congruential Generator (LCG) uniqid Function Session Cookie Entrop...

62583 PHP tempnam() Function safe_mode Bypass

62582 PHP Session Extension safe_mode / open_basedir Bypass

Snort® IPS/IDS

Date Description
2014-01-10 socket_connect buffer overflow attempt
RuleID : 24195 - Revision : 7 - Type : SERVER-WEBAPP
2014-01-10 socket_connect buffer overflow attempt
RuleID : 24194 - Revision : 4 - Type : SERVER-WEBAPP
2014-01-10 socket_connect buffer overflow attempt
RuleID : 24193 - Revision : 4 - Type : SERVER-WEBAPP
2014-01-10 socket_connect buffer overflow attempt
RuleID : 24192 - Revision : 4 - Type : SERVER-WEBAPP
2014-01-10 PHP 5.3.3 mt_rand integer overflow attempt
RuleID : 24061 - Revision : 3 - Type : SERVER-WEBAPP
2014-01-10 PHP 5.3.3 mt_rand integer overflow attempt
RuleID : 24060 - Revision : 4 - Type : SERVER-WEBAPP
2014-01-10 5.3.3 mt_rand integer overflow attempt
RuleID : 24059 - Revision : 6 - Type : SERVER-WEBAPP
2014-01-10 calendar conversion remote integer overflow attempt
RuleID : 23975 - Revision : 5 - Type : SERVER-WEBAPP
2014-01-10 calendar conversion remote integer overflow attempt
RuleID : 23974 - Revision : 5 - Type : SERVER-WEBAPP
2014-01-10 empty zip file upload attempt
RuleID : 23944 - Revision : 5 - Type : SERVER-WEBAPP
2014-01-10 Invalid global flag attachment attempt
RuleID : 23937 - Revision : 5 - Type : SERVER-WEBAPP
2014-01-10 exif invalid tag data buffer overflow attempt
RuleID : 23796 - Revision : 4 - Type : SERVER-WEBAPP
2014-01-10 use-after-free in substr_replace attempt
RuleID : 23793 - Revision : 4 - Type : SERVER-WEBAPP
2014-01-10 PHP use-after-free in substr_replace attempt
RuleID : 23792 - Revision : 4 - Type : SERVER-WEBAPP
2014-01-10 PHP use-after-free in substr_replace attempt
RuleID : 23791 - Revision : 4 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO
2016-03-01 Name : The remote Debian host is missing a security update.
File : debian_DLA-444.nasl - Type : ACT_GATHER_INFO
2016-01-22 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16993.nasl - Type : ACT_GATHER_INFO
2015-09-08 Name : The remote Debian host is missing a security update.
File : debian_DLA-307.nasl - Type : ACT_GATHER_INFO
2015-08-20 Name : The remote application is affected by multiple vulnerabilities.
File : securitycenter_php_5_4_41.nasl - Type : ACT_GATHER_INFO
2015-06-12 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2015-162-02.nasl - Type : ACT_GATHER_INFO
2015-05-29 Name : The remote Fedora host is missing a security update.
File : fedora_2015-8370.nasl - Type : ACT_GATHER_INFO
2015-05-29 Name : The remote Fedora host is missing a security update.
File : fedora_2015-8383.nasl - Type : ACT_GATHER_INFO
2015-05-27 Name : The remote Fedora host is missing a security update.
File : fedora_2015-8281.nasl - Type : ACT_GATHER_INFO
2015-05-26 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_31de2e1300d211e5a072d050996490d0.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2012-1336-1.nasl - Type : ACT_GATHER_INFO
2015-05-18 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_4_41.nasl - Type : ACT_GATHER_INFO
2015-05-18 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_5_25.nasl - Type : ACT_GATHER_INFO
2015-05-18 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_6_9.nasl - Type : ACT_GATHER_INFO
2014-11-28 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15885.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1615.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-7.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL12650.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-182.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-214.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-57.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-849.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_apache2-mod_php5-100812.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_apache2-mod_php5-101110.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_apache2-mod_php5-110309.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_apache2-mod_php5-110601.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_apache2-mod_php5-110907.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_glibc-110729.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_icu-120117.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libxcrypt-110824.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libzip-devel-110321.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_man-pages-110823.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_yast2-core-110822.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_apache2-mod_php5-110601.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_apache2-mod_php5-110907.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_glibc-110729.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_icu-120117.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_libxcrypt-110824.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_libzip-devel-110321.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_man-pages-110823.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_yast2-core-110822.nasl - Type : ACT_GATHER_INFO
2014-03-20 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140318_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-03-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0311.nasl - Type : ACT_GATHER_INFO
2014-03-19 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0311.nasl - Type : ACT_GATHER_INFO
2014-03-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0311.nasl - Type : ACT_GATHER_INFO
2013-12-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131121_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-11-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1615.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1615.nasl - Type : ACT_GATHER_INFO
2013-10-11 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130930_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-10-03 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-07.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-12.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0919.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0195.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0196.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1377.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1378.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1423.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0033.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0071.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1046.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1047.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0071.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1047.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_icu-121219.nasl - Type : ACT_GATHER_INFO
2012-10-15 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-8311.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-179.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101129_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110203_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110203_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111017_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111017_postgresql_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111102_php53_and_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120118_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120130_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120627_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120627_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-07-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1046.nasl - Type : ACT_GATHER_INFO
2012-06-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1046.nasl - Type : ACT_GATHER_INFO
2012-06-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1047.nasl - Type : ACT_GATHER_INFO
2012-04-20 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO
2012-04-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-120309.nasl - Type : ACT_GATHER_INFO
2012-04-03 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_glibc-blowfish-7663.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2408.nasl - Type : ACT_GATHER_INFO
2012-02-06 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-blowfish-110729.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes several security vuln...
File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO
2012-02-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2399.nasl - Type : ACT_GATHER_INFO
2012-01-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0071.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0033.nasl - Type : ACT_GATHER_INFO
2012-01-20 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_icu-120116.nasl - Type : ACT_GATHER_INFO
2012-01-20 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_icu-7928.nasl - Type : ACT_GATHER_INFO
2012-01-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0033.nasl - Type : ACT_GATHER_INFO
2012-01-03 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-197.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-7393.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-7553.nasl - Type : ACT_GATHER_INFO
2011-11-29 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2011-180.nasl - Type : ACT_GATHER_INFO
2011-11-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-178.nasl - Type : ACT_GATHER_INFO
2011-11-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2340.nasl - Type : ACT_GATHER_INFO
2011-11-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-165.nasl - Type : ACT_GATHER_INFO
2011-11-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1423.nasl - Type : ACT_GATHER_INFO
2011-11-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1423.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-161.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1377.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1378.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1231-1.nasl - Type : ACT_GATHER_INFO
2011-10-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1377.nasl - Type : ACT_GATHER_INFO
2011-10-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1378.nasl - Type : ACT_GATHER_INFO
2011-10-14 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_da3d381b0ee611e0becc0022156e8794.nasl - Type : ACT_GATHER_INFO
2011-10-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1229-1.nasl - Type : ACT_GATHER_INFO
2011-10-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO
2011-10-12 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO
2011-09-19 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-11528.nasl - Type : ACT_GATHER_INFO
2011-09-19 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-11537.nasl - Type : ACT_GATHER_INFO
2011-09-12 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-11464.nasl - Type : ACT_GATHER_INFO
2011-09-01 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_yast2-core-110830.nasl - Type : ACT_GATHER_INFO
2011-08-31 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libxcrypt-110824.nasl - Type : ACT_GATHER_INFO
2011-08-31 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_man-pages-110825.nasl - Type : ACT_GATHER_INFO
2011-08-26 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-237-01.nasl - Type : ACT_GATHER_INFO
2011-08-24 Name : The remote web server uses a version of PHP that is affected by a security by...
File : php_5_3_8.nasl - Type : ACT_GATHER_INFO
2011-08-22 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_3_7.nasl - Type : ACT_GATHER_INFO
2011-08-20 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_057bf770cac411e0aea300215c6a37bb.nasl - Type : ACT_GATHER_INFO
2011-08-20 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12813.nasl - Type : ACT_GATHER_INFO
2011-08-20 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_glibc-7659.nasl - Type : ACT_GATHER_INFO
2011-08-01 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-210-01.nasl - Type : ACT_GATHER_INFO
2011-07-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2266.nasl - Type : ACT_GATHER_INFO
2011-06-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-110601.nasl - Type : ACT_GATHER_INFO
2011-06-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-7554.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1126-1.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1126-2.nasl - Type : ACT_GATHER_INFO
2011-05-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-099.nasl - Type : ACT_GATHER_INFO
2011-05-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libzip-devel-110321.nasl - Type : ACT_GATHER_INFO
2011-05-09 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_libzip1-110321.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_apache2-mod_php5-101105.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_apache2-mod_php5-101110.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_apache2-mod_php5-110309.nasl - Type : ACT_GATHER_INFO
2011-04-22 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_6_3_0_22.nasl - Type : ACT_GATHER_INFO
2011-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0196.nasl - Type : ACT_GATHER_INFO
2011-04-07 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-3636.nasl - Type : ACT_GATHER_INFO
2011-04-07 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-3666.nasl - Type : ACT_GATHER_INFO
2011-04-04 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-110310.nasl - Type : ACT_GATHER_INFO
2011-03-27 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-3614.nasl - Type : ACT_GATHER_INFO
2011-03-27 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_cc3bfec656cd11e09668001fd0d616cf.nasl - Type : ACT_GATHER_INFO
2011-03-27 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_fe85366656ce11e09668001fd0d616cf.nasl - Type : ACT_GATHER_INFO
2011-03-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-052.nasl - Type : ACT_GATHER_INFO
2011-03-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-053.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_6_7.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-001.nasl - Type : ACT_GATHER_INFO
2011-03-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2195.nasl - Type : ACT_GATHER_INFO
2011-03-18 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_3_6.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0195.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0196.nasl - Type : ACT_GATHER_INFO
2011-01-24 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-0321.nasl - Type : ACT_GATHER_INFO
2011-01-24 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-0329.nasl - Type : ACT_GATHER_INFO
2011-01-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1042-2.nasl - Type : ACT_GATHER_INFO
2011-01-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_1a0704e70edf11e0becc0022156e8794.nasl - Type : ACT_GATHER_INFO
2011-01-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2a41233d10e711e0becc0022156e8794.nasl - Type : ACT_GATHER_INFO
2011-01-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_3761df020f9c11e0becc0022156e8794.nasl - Type : ACT_GATHER_INFO
2011-01-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_736342940fa711e0becc0022156e8794.nasl - Type : ACT_GATHER_INFO
2011-01-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c623f05810e711e0becc0022156e8794.nasl - Type : ACT_GATHER_INFO
2011-01-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1042-1.nasl - Type : ACT_GATHER_INFO
2011-01-11 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-010-01.nasl - Type : ACT_GATHER_INFO
2011-01-10 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2b6ed5c71a7f11e0b61d000c29d1636d.nasl - Type : ACT_GATHER_INFO
2011-01-07 Name : The remote web server uses a version of PHP that is affected by a denial of s...
File : php_5_3_5.nasl - Type : ACT_GATHER_INFO
2011-01-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-18976.nasl - Type : ACT_GATHER_INFO
2011-01-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-19011.nasl - Type : ACT_GATHER_INFO
2010-12-26 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-357-01.nasl - Type : ACT_GATHER_INFO
2010-12-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-254.nasl - Type : ACT_GATHER_INFO
2010-12-13 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_15.nasl - Type : ACT_GATHER_INFO
2010-12-13 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_3_4.nasl - Type : ACT_GATHER_INFO
2010-12-03 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-101105.nasl - Type : ACT_GATHER_INFO
2010-12-03 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-7221.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0919.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-100805.nasl - Type : ACT_GATHER_INFO
2010-11-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0919.nasl - Type : ACT_GATHER_INFO
2010-11-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-239.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-224.nasl - Type : ACT_GATHER_INFO
2010-11-01 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-218.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-7110.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_apache2-mod_php5-100928.nasl - Type : ACT_GATHER_INFO
2010-09-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-989-1.nasl - Type : ACT_GATHER_INFO
2010-09-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_apache2-mod_php5-100813.nasl - Type : ACT_GATHER_INFO
2010-08-29 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-240-04.nasl - Type : ACT_GATHER_INFO
2010-08-24 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-11428.nasl - Type : ACT_GATHER_INFO
2010-08-24 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-11481.nasl - Type : ACT_GATHER_INFO
2010-08-24 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-005.nasl - Type : ACT_GATHER_INFO
2010-08-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2089.nasl - Type : ACT_GATHER_INFO
2010-08-04 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_14.nasl - Type : ACT_GATHER_INFO
2010-08-04 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_3_3.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-139.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-140.nasl - Type : ACT_GATHER_INFO
2010-03-11 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-058.nasl - Type : ACT_GATHER_INFO
2010-02-26 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_13.nasl - Type : ACT_GATHER_INFO
2009-11-20 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_3_1.nasl - Type : ACT_GATHER_INFO
2009-09-18 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_11.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:37:00
  • Multiple Updates