PHP *_ecalloc* Integer Overflow Vulnerability More about

Posted on Thursday, October 05, 2006 @ 15:49:19 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22280

VERIFY ADVISORY: http://secunia.com/advisories/22280/

CRITICAL: Moderately critical

IMPACT: DoS, System access

WHERE: >From remote

SOFTWARE: PHP 5.1.x - http://secunia.com/product/6796/

DESCRIPTION: A vulnerability has been reported in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to an integer overflow within the "_ecalloc" function. This can potentially be exploited to execute arbitrary code via specially crafted requests if a PHP script allocates memory based on attacker supplied data.

SOLUTION: The vulnerability has been fixed in the CVS repository: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162

PROVIDED AND/OR DISCOVERED BY: Disclosed via vendor CVS commit.

ORIGINAL ADVISORY: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162


 

 

osCommerce *page/zpage* Cross-Site Scripting Vulnerabilities More about Read More...

Posted on Thursday, October 05, 2006 @ 13:11:40 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22275

VERIFY ADVISORY: http://secunia.com/advisories/22275/

CRITICAL: Less critical

IMPACT: Cross Site Scripting

WHERE: >From remote

SOFTWARE: osCommerce 2.x - http://secunia.com/product/1308/

DESCRIPTION: Some vulnerabilities have been reported in osCommerce, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "page" parameter in multiple files and to the "zpage" parameter in admin/geo_zones.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in context of an affected site. The vulnerabilities have been reported in osCommerce 2.2 Milestone 2 Update 060817. Other versions may also be affected.

Affected files: Read More...


 

 

PHP *open_basedir* Symlink Security Bypass Vulnerability More about

Posted on Thursday, October 05, 2006 @ 13:04:42 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22235

VERIFY ADVISORY: http://secunia.com/advisories/22235/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE: Local system

SOFTWARE:
PHP 5.1.x - http://secunia.com/product/6796/
PHP 5.0.x - http://secunia.com/product/3919/
PHP 4.4.x - http://secunia.com/product/5768/
PHP 4.3.x - http://secunia.com/product/922/
PHP 4.2.x - http://secunia.com/product/105/
PHP 4.1.x - http://secunia.com/product/1654/
PHP 4.0.x - http://secunia.com/product/1655/

DESCRIPTION: Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to a race condition in the handling of symlinks and can be exploited to bypass the open_basedir protection mechanism. The vulnerability has been reported in PHP4 and PHP5.

SOLUTION: Disable the "symlink()" function in php.ini.

PROVIDED AND/OR DISCOVERED BY: Stefan Esser

ORIGINAL ADVISORY: http://www.hardened-php.net/advisory_082006.132.html


 

 

phpBB *avatar_path* PHP Code Execution Vulnerability More about

Posted on Thursday, October 05, 2006 @ 12:59:26 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22188

VERIFY ADVISORY: http://secunia.com/advisories/22188/

CRITICAL: Less critical

IMPACT: System access

WHERE: >From remote

SOFTWARE: phpBB 2.x - http://secunia.com/product/463/

DESCRIPTION: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "avatar_path" parameter in admin/admin_board.php is not properly sanitized before being used as a configuration variable to store avatar images. This can be exploited to upload and execute arbitrary PHP code by changing "avatar_path" to a file with a trailing NULL byte. Successful exploitation requires privileges to the administration section. The vulnerability has been confirmed in version 2.0.21. Other versions may also be affected.

SOLUTION: Grant only trusted users access to the administration section. Edit the source code to ensure that input is properly sanitized.

PROVIDED AND/OR DISCOVERED BY: ShAnKaR


 

 

Nuke-Cast v1.9.p2 [Update] More about

Posted on Wednesday, October 04, 2006 @ 12:50:10 CDT in Add-Ons
by Raven

djdiz-e writes:  
The Shoutcast Status Module for PHP-Nuke.
by DJ DiZ-E - http://www.urbanclubbers.com

Fixed to work with Latest PHP-Nuke Patched Series

Nuke-Cast shows detailed shoutcast server status.

Current Listeners
Bitrate
Current song, 9 played songs
Total Listeners
Total hits to server
DJs Icq
DJs Aol IM handle
Average time spent listening
Genre for station
Peak users Stats

DEMO
DOWNLOAD


 

 

phpMyAdmin 2.9 0 1 available - testrun the online-demo More about

Posted on Wednesday, October 04, 2006 @ 12:45:28 CDT in phpMyAdmin
by Raven

NukeEvangelist writes:  
phpMyAdmin Version 2.9.0.1 from www.phpmyadmin.net.

get the latest code - testrun the newest db-admin-tool today online.


have more fun in db-adminstration !


 



Page 273 of 659 (3950 total stories) [ << | < | 268 | 269 | 270 | 271 | 272 | 273 | 274 | 275 | 276 | 277 | 278 | > | >> ]  

News ©

Site Info

Last SeenLast Seen
  • Raven
  • rhineus
Server TrafficServer Traffic
  • Total: 567,818,999
  • Today: 43,485
Server InfoServer Info
  • Jun 26, 2026
  • 10:51 am CDT
 
 

Site Navigation