This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
07f3fe15-a9de-11d9-a788-0001020eed82 | php -- readfile() DoS vulnerability A SUSE Security advisory reports: Discovery 2004-01-25 Entry 2005-04-10 mod_php4-twig php4-cgi php4-cli php4-dtc php4-horde php4-nms php4 < 4.3.5_7 mod_php mod_php4 < 4.3.5_7,1 12665 CVE-2005-0596 http://bugs.php.net/bug.php?id=27037 http://www.novell.com/linux/security/advisories/2005_06_sr.html |
562a3fdf-16d6-11d9-bc4a-000c41e2cdad | php -- vulnerability in RFC 1867 file upload processing Stefano Di Paola discovered an issue with PHP that could allow someone to upload a file to any directory writeable by the httpd process. Any sanitizing performed on the prepended directory path is ignored. This bug can only be triggered if the $_FILES element name contains an underscore. Discovery 2004-09-15 Entry 2004-09-15 Modified 2004-10-12 php4 php4-cgi le 4.3.8_2 mod_php4 le 4.3.8_2,1 php5 php5-cgi le 5.0.1 mod_php5 le 5.0.1,1 http://marc.theaimsgroup.com/?l=bugtraq&m=109534848430404 http://marc.theaimsgroup.com/?l=bugtraq&m=109648426331965 |
d47e9d19-5016-11d9-9b5f-0050569f0001 | php -- multiple vulnerabilities Secunia reports: Discovery 2004-12-16 Entry 2004-12-17 Modified 2004-12-18 mod_php4-twig php4-cgi php4-cli php4-dtc php4-horde php4-nms php4 < 4.3.10 mod_php mod_php4 ge 4 lt 4.3.10,1 php5 php5-cgi php5-cli < 5.0.3 mod_php5 < 5.0.3,1 http://secunia.com/advisories/13481/ CVE-2004-1019 CVE-2004-1065 http://www.php.net/release_4_3_10.php http://www.hardened-php.net/advisories/012004.txt |
dd7aa4f1-102f-11d9-8a8a-000c41e2cdad | php -- memory_limit related vulnerability Stefan Esser of e-matters discovered a condition within PHP that may lead to remote execution of arbitrary code. The memory_limit facility is used to notify functions when memory constraints have been met. Under certain conditions, the entry into this facility is able to interrupt functions such as zend_hash_init() at locations not suitable for interruption. The result would leave these functions in a vulnerable state. Discovery 2004-07-07 Entry 2004-09-27 Modified 2004-10-02 mod_php4-twig php4 php4-cgi php4-cli php4-dtc php4-horde php4-nms le 4.3.7_3 mod_php4 le 4.3.7_3,1 php5 php5-cgi php5-cli le 5.0.0.r3_2 mod_php5 le 5.0.0.r3_2,1 CVE-2004-0594 http://marc.theaimsgroup.com/?l=bugtraq&m=108981780109154 http://security.e-matters.de/advisories/112004.html 10725 |
ad74a1bd-16d2-11d9-bc4a-000c41e2cdad | php -- php_variables memory disclosure Stefano Di Paola reports: Discovery 2004-09-15 Entry 2004-10-05 mod_php4-twig php4-cgi php4-cli php4-dtc php4-horde php4-nms php4 le 4.3.8_2 mod_php mod_php4 ge 4 le 4.3.8_2,1 php5 php5-cgi php5-cli le 5.0.1 mod_php5 le 5.0.1,1 http://marc.theaimsgroup.com/?l=bugtraq&m=109527531130492 |
6821a2db-4ab7-11da-932d-00055d790c25 | PHP -- multiple vulnerabilities A Secunia Advisory reports: Discovery 2005-10-31 Entry 2005-11-01 mod_php4-twig php4-cgi php4-cli php4-dtc php4-horde php4-nms php4 < 4.4.1 mod_php mod_php4 ge 4 lt 4.4.1,1 http://secunia.com/advisories/17371/ |
edf61c61-0f07-11d9-8393-000103ccf9d6 | php -- strip_tags cross-site scripting vulnerability Stefan Esser of e-matters discovered that PHP's strip_tags() function would ignore certain characters during parsing of tags, allowing these tags to pass through. Select browsers could then parse these tags, possibly allowing cross-site scripting attacks. Discovery 2004-07-07 Entry 2004-09-27 Modified 2013-06-19 mod_php4-twig php4 php4-cgi php4-cli php4-dtc php4-horde php4-nms le 4.3.7_3 mod_php4 le 4.3.7_3,1 php5 php5-cgi php5-cli le 5.0.0.r3_2 mod_php5 le 5.0.0.r3_2,1 CVE-2004-0595 http://marc.theaimsgroup.com/?l=bugtraq&m=108981589117423 http://security.e-matters.de/advisories/122004.html 10724 |