Web Servers : Apache Mod_SSL Apache-SSL Buffer Overflow Vulnerability

Port

80

Description

A buffer overflow vulnerability exists in mod_ssl and Apache-SSL that may allow attackers to execute arbitrary code. The overflow occurs when the modules attempt to cache SSL sessions. Vulnerable versions of mod_ssl and Apache-SSL are incapable of handling large session representations.

How to fix

Upgrade to the most recent version of mod_ssl or Apache-SSL.

Risk level

High

Related Links

ModSSL Web Server
Apache-SSL Web Server

CVE

CAN-2002-0082

Bugtraq ID

4189

 

FTP Servers : Multiple FTP Server Virtual User File Removal Vulnerability

Port

21

Description

Under some circumstances, it may be possible for users to remove files that have been placed in an FTP archive by other users. A file placed by one user may be deleted by another user with insufficient permissions, though the target file may not be overwritten. This problem has been reported to occur when the virtual user feature of FTP servers is used on Solaris systems.

How to fix

Update to the latest version of the FTP server.

Risk level

High

Related Links

ProFTPD Homepage.
ncftpd Server Homepages

CVE

CVE-MAP-NOMATCH

Bugtraq ID

6649

 

FTP Servers : NcFTP Local Information Disclosure Vulnerability

Port

21

Description

NcFTP has been reported prone to a local information disclosure vulnerability. The issue presents itself because the NcFTP client does not correctly obfuscate arguments that are passed to the client software. If NcFTP client has been launched with an ftp site URI as an argument, this argument will be visible in the 'ps -aux' process list.

How to fix

Upgrade to the most recent version of ncftpd Server.

Risk level

High

Related Links

ncftpd Server Homepages

CVE

CVE-MAP-NOMATCH

Bugtraq ID

10182

 

FTP Servers : ncftpd STAT File Globbing Remote Buffer Overflow Vulnerability

Port

21

Description

A vulnerability has been reported for ncftpd. The problem occurs in the STAT function when used in conjunction with file globbing. This issue can be triggered by a malicious STAT request for a directory with a filename of excessive length. The problem arises from filename expansion caused by special characters used in the request. It should be noted that this vulnerability has been reported to exist in version 2.7.1. Symantec has not yet been able to verify the existence of this bug.

How to fix

Upgrade to the most recent version of ncftpd Server.

Risk level

High

Related Links

ncftpd Server Homepages

CVE

CVE-MAP-NOMATCH

Bugtraq ID

6478

 

Web Servers : PHP array_pad() Integer Overflow Memory Corruption Vulnerability

Port

80

Description

A vulnerability has been reported in PHP. The problem occurs in the array_pad() function and may allow an attacker to corrupt memory. The affected function reportedly fails to ensure that proper boundary checks are performed on values supplied by a malicious user. This may result in an integer overflow when array_pad() is called with an overly long value for its second argument.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

7256

 

Web Servers : PHP DLOpen Arbitrary Web Server Process Memory Vulnerability

Port

80

Description

A problem has been reported in the dlopen function of PHP when used with the Apache web server. Because of this, an attacker may be able to gain unauthorized access to potentially sensitive information.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

8405

 

Web Servers : PHP emalloc() Unspecified Integer Overflow Memory Corruption Vulnerability

Port

80

Description

A vulnerability has been reported in PHP version 4.3.1 and earlier. The problem occurs in the emalloc() function and may allow an attacker to corrupt memory. The affected function reportedly fails to ensure that proper boundary checks are performed on values supplied by a malicious user. This may result in an integer overflow when emalloc() attempts to allocate memory.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

7199

 

Web Servers : PHP Glob Function Local Information Disclosure Vulnerability

Port

80

Description

A local information disclosure vulnerability affects PHP. This issue is due to a design error that presents potentially sensitive information to users within error messages. An attacker may leverage this issue to reveal filenames and therefore the existence of files on an affected computer.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

12701

 

Web Servers : PHP Input Output Wrapper Remote Include Function Command Execution Weakness

Port

80

Description

PHP is reportedly affected by an arbitrary command execution weakness through the PHP include() function. This issue is due to a design error that allows the execution of attacker-supplied POST PHP commands when URI data is used as an argument to an 'include()' function. This issue affects the PHP module itself; however, the problem only presents itself when an application uses a user-supplied URI parameter as an argument to the 'include()' function. This issue is reported to affect all versions of PHP since 3.0.13. Furthermore, this issue is not resolved by setting the 'php.ini' variable 'allow_url_fopen' to off. Successful exploitation of this issue will allow an attacker to execute arbitrary PHP code on the affected computer; this will allow the execution of commands on the underlying operating system with the privileges of the affected web server process.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

10427

 

Web Servers : PHP memory_limit Remote Code Execution Vulnerability

Port

80

Description

Reportedly, PHP modules compiled with memory_limit support are affected by a remote code execution vulnerability. This issue is due to a failure of the PHP module to properly handle memory_limit request termination. This issue is reportedly exploitable through the Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability (BID 10619); an attacker can cause premature termination during critical code execution. It should be noted that although the above-mentioned Apache vulnerability is the only known attack vector, there might be other attack vectors that are currently unknown. An attacker can exploit this issue to execute arbitrary code on an affected computer within the context of the vulnerable application, facilitating unauthorized access.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CAN-2004-0594

Bugtraq ID

10725

 

Web Servers : PHP openlog() Buffer Overflow Vulnerability

Port

80

Description

A buffer overflow has been reported in the PHP openlog() function. By passing an argument of excessive size to the function, it may be possible for an attacker to overwrite memory, resulting in a denial of service. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary commands within the PHP interpreter.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

7210

 

Web Servers : PHP PHPInfo Cross-Site Scripting Vulnerability

Port

80

Description

Scripts that include the PHP phpinfo() debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes hostile client-side script code or HTML. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visits the malicious link.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

7805

 

Web Servers : PHP socket_iovec_alloc() Integer Overflow Vulnerability

Port

80

Description

A vulnerability has been reported in PHP versions 4.3.1 and earlier. The problem occurs in the socket_iovec_alloc() function and may allow an attacker to corrupt memory. Specifically, the affected function fails to carry out sanity checks on user-supplied argument values, making it prone to an integer overflow. This may make it possible for an attacker to trigger a denial of service. Although it has not been confirmed, it may also be possible to exploit this issue to execute arbitrary code.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

7187

 

Web Servers : PHP socket_recv() Signed Integer Memory Corruption Vulnerability

Port

80

Description

A vulnerability has been reported in PHP versions 4.3.1 and earlier. The problem occurs in the socket_recv() function and may allow an attacker to corrupt memory. Specifically, the affected function fails to carry out sanity checks on user-supplied argument values, making it prone to an integer overflow. This may make it possible for an attacker to trigger a denial of service. Although it has not been confirmed, it may also be possible to exploit this issue to execute arbitrary code.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

7197

 

Web Servers : PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability

Port

80

Description

A vulnerability has been reported in PHP versions 4.3.1 and earlier. The problem occurs in the socket_recvfrom() function and may allow an attacker to corrupt memory. Specifically, the affected function fails to carry out sanity checks on user-supplied argument values, making it prone to an integer overflow. This may make it possible for an attacker to trigger a denial of service. Although it has not been confirmed, it may also be possible to exploit this issue to execute arbitrary code.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

7198

 

Web Servers : PHP STR_Repeat Boundary Condition Error Vulnerability

Port

80

Description

It has been reported that a buffer overrun exists in the PHP program. Because of this, an attacker may be able to execute arbitrary code.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

7259

 

Web Servers : PHP Strip_Tags() Function Bypass Vulnerability

Port

80

Description

It is reported that it is possible to bypass PHP's strip_tags() function. It is reported that under certain circumstances, PHP's strip_tags() function will improperly leave malformed tags in place. This vulnerability may mean that previously presumed-safe web applications could contain multiple cross-site scripting and HTML injection vulnerabilities when viewed by Microsoft Internet Explorer or Apple Safari web browsers. It is reported that 'magic_quotes_gpc' must be off for PHP to be vulnerable to this issue.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CAN-2004-0595

Bugtraq ID

10724

 

Web Servers : PHP Transparent Session ID Cross Site Scripting Vulnerability

Port

80

Description

A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting this vulnerability by constructing a malicious link containing script code embedded within this variable.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

7761

 

Web Servers : PHP4 Base64_Encode() Integer Overflow Vulnerability

Port

80

Description

PHP4 has been reported prone to a potential integer overflow vulnerability. The issue is reported to present itself in the base64_encode() function that is distributed as part of the PHP4 API. Although unconfirmed, it has been conjectured that this issue may be due to an unsigned integer value wrapping to a value of zero. This value may then be used in boundary controls, or in arithmetic that may potentially influence execution flow or result in the corruption of sensitive regions of memory. It is currently unknown whether this condition is exploitable or not.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

8693

 

Web Servers : PHP4 Multiple Vulnerabilities

Port

80

Description

PHP has released an upgrade to address multiple vulnerabilities, including integer overflow issues that have been reported to affect PHP4 and bundled software. Exploitation of these issues may have varying impacts; although unconfirmed, these potentially include a denial of service or, ultimately, arbitrary code execution.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

8696

 

Web Servers : PHP4 Readfile Denial Of Service Vulnerability

Port

80

Description

PHP4 is reported prone to a denial of service vulnerability. It is reported that the PHP 'readfile()' function may be utilized to trigger this issue. An attacker that has access to a PHP-enabled web host may exploit this vulnerability to crash the HTTP server that is incorporating the vulnerable PHP module.

How to fix

Upgrade to the current version of PHP.

Risk level

High

Related Links

PHP Home Page.

CVE

CVE-MAP-NOMATCH

Bugtraq ID

12665

 

Web Servers : Apache Utilities Insecure Temporary File Creation Vulnerability

Port

80

Description

A local insecure temporary file creation vulnerability reportedly affects Apache Software Foundation Apache Utilities. This issue is due to a failure of the affected utility to securely create temporary files in world-writable locations. An attacker may leverage this issue to corrupt, write to or create arbitrary files with the privileges of the user or process running the vulnerable script.

How to fix

Upgrade to the current version of Apache.

Risk level

Medium

Related Links

Apache Web Server Homepage

CVE

CVE-MAP-NOMATCH

Bugtraq ID

12308

 

 

 



