
Here is an overview of Stefan Esser's security month, broken down by PHP version.

| Vulnerability | PHP 5 versions | PHP 4 versions | Extra |
|---|---|---|---|
| PHP 5.2.0 Memory Manager Signed Comparison Vulnerability | 5.2. | | |
| PHP msg_receive() Memory Allocation Integer Overflow Vulnerability | <= 5.2. | <= 4.4.4 | |
| PHP 5 php_stream_filter_create() Off By One Vulnerability | <= 5.2. 1 | | |
| PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability | <= 5.2. | <= 4.4.4 | sqlite |
| PHP imap_mail_compose() Boundary Stack Buffer Overflow Vulnerability | <= 5.2. | <= 4.4.4 | imap |
| PHP str_replace() Memory Allocation Integer Overflow Vulnerability | <= 5.2. | <= 4.4.4 | |
| PHP printf() Family 64 Bit Casting Vulnerabilities | <= 5.2. | <= 4.4.4 | |
| PHP iptcembed() Interruption Information Leak Vulnerability | <= 5.2.1 | <= 4.4.6 | Zend Engine |
| PHP session.save_path open_basedir Bypass Vulnerability | <= 5.2.0 | <= 4.4.4 | |
| PHP 4 zip_entry_read() Integer Overflow Vulnerability | No | <= 4.4.4 | zip |
| PHP mail() Header Injection Through Subject and To Parameters | <= 5.2.1 | <= 4.4.6 | |
| PHP mail() Message ASCIIZ Byte Truncation | <= 5.2.1 | <= 4.4.6 | |
| PHP 4.4.5/4.4.6 session_decode() Double Free Vulnerability | | 4.4.5 to 4.4.6 | |
| PHP _SESSION Deserialization Overwrite Vulnerability | <= 5.2.0 | <= 4.4.5 | |
| PHP _SESSION unset() Vulnerability | <= 5.2.0 | <= 4.4.5 | session |
| PHP 5.2.1 unserialize() Information Leak Vulnerability | 5.2.1 | | |
| PHP hash_update_file() Already Freed Resource Access Vulnerability | <= 5.2.1 | | |
| PHP ext/gd Already Freed Resource Access Vulnerability | <= 5.2.1 | <= 4.4.6 | |
| PHP mb_parse_str() register_globals Activation Vulnerability | <= 5.2.1 | <= 4.4.6 | |
| PHP header() Space Trimming Buffer Underflow Vulnerability | 5.2.0 | | |
| PHP 5 Rejected Session Identifier Double Free Vulnerability | 5.2.0 to 5.2.1 | No | |
| PHP session_regenerate_id() Double Free Vulnerability | 5.2.0 to 5.2.1 | No | |
| PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability | <= 5.2.1 | | bzip2 |
| PHP zip:// URL Wrapper safemode and open_basedir Bypass Vulnerability | <= 5.2.1 | | zip |
| PHP ext/filter Space Trimming Buffer Underflow Vulnerability | 5.2.0 | | filter |
| PHP ext/filter HTML Tag Stripping Bypass Vulnerability | 5.2.0 | | filter |
| PHP ext/filter FDF Post Bypass Vulnerability | | | fdf |
| PHP zip:// URL Wrapper Buffer Overflow Vulnerability | 5.2.0 | | zip <= 1.8.3 |
| PHP shmop Functions Resource Verification Vulnerability | <= 5.2.0 | <= 4.4.4 | |
| PHP substr_compare() Information Leak Vulnerability | <= 5.2.1 | | |
| PHP 4 Ovrimos Extension Multiple Vulnerabilities | No | <= 4.4.6 | Ovrimos |
| mod_security POST Rules Bypass Vulnerability | | | mod_security |
| PHP WDDX Session Deserialization Information Leak Vulnerability | <= 5.2.0 | <= 4.4.4 | |
| PHP php_binary Session Deserialization Information Leak Vulnerability | <= 5.2.0 | <= 4.4.4 | |
| PHP wddx_deserialize() String Append Buffer Overflow Vulnerability | CVS | CVS | wddx |
| PHP 4 phpinfo() XSS Vulnerability (Deja-vu) | | 4.4.3 to 4.4.6 | |
| Zend Platform ini_modifier Local Root Vulnerability | | | Zend Platform <= 2.2.3 |
| Zend Platform Insecure File Permission Local Root Vulnerability | | | Zend Platform <= 2.2.3 |
| PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability | <= 5.2.0 | <= 4.4.4 | |
| PHP 4 unserialize() ZVAL Reference Counter Overflow | No | <= 4.4.4 | |
| PHP Variable Destructor Deep Recursion Stack Overflow | All | All | |
| PHP Executor Deep Recursion Stack Overflow | All | All | |
| PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability | No | All | |
