Showing 1 - 6 of 6

CVE-2008-5624

Status Candidate

Overview

PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable.

Related Files

Gentoo Linux Security Advisory 201001-3: Posted Jan 5, 2010; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201001-3 - Multiple vulnerabilities were found in PHP, the worst of which leading to the remote execution of arbitrary code. Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below and the associated PHP release notes for details. Versions less than 5.2.12 are affected.; tags | advisory, remote, arbitrary, php, vulnerability; systems | linux, gentoo; advisories | CVE-2008-5498, CVE-2008-5514, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658, CVE-2008-5814, CVE-2008-5844, CVE-2008-7002, CVE-2009-0754, CVE-2009-1271, CVE-2009-1272, CVE-2009-2626, CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3546; SHA-256 | aff1f9bdb3800d54675a65671b47a6ba413ece16b6ab47e89279c16cfaa490a7; Download | Favorite | View

HP Security Bulletin HPSBUX02465 SSRT090192: Posted Oct 23, 2009; Authored by Hewlett Packard | Site hp.com; HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.; tags | advisory, web, denial of service, vulnerability, xss; systems | hpux; advisories | CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624; SHA-256 | 917f5771b1ecaed534503ff6b3384773b7597e104b42f7ed74b05115d49f2b09; Download | Favorite | View

HP Security Bulletin HPSBUX02431 SSRT090085: Posted Jul 2, 2009; Authored by Hewlett Packard | Site hp.com; HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code. Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.; tags | advisory, web, denial of service, arbitrary, vulnerability; systems | hpux; advisories | CVE-2007-4465, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658; SHA-256 | 188b9f0db86834082088170fd33ebb8a50552ab4a702ee3c2405d86f177e52e0; Download | Favorite | View

Debian Linux Security Advisory 1789-1: Posted May 5, 2009; Authored by Debian | Site debian.org; Debian Security Advisory 1789-1 - Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor.; tags | advisory, remote, php, vulnerability; systems | linux, debian; advisories | CVE-2008-2107, CVE-2008-2108, CVE-2008-5557, CVE-2008-5624, CVE-2008-5658, CVE-2008-5814, CVE-2009-0754, CVE-2009-1271; SHA-256 | 100a5040d4193726e6aaec8b6a7e78375f9a96e618e105219e44df555dd8498e; Download | Favorite | View

Mandriva Linux Security Advisory 2009-045: Posted Feb 20, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-045 - A number of vulnerabilities have been found and correct in PHP. The updated packages have been patched to correct these issues.; tags | advisory, php, vulnerability; systems | linux, mandriva; advisories | CVE-2008-5557, CVE-2008-5658, CVE-2008-5624, CVE-2008-5625; SHA-256 | 464ba2eaffec51fde6159e226f1d27cab7a06d4787b887a8a366bbb71592a068; Download | Favorite | View

Ubuntu Security Notice 720-1: Posted Feb 12, 2009; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice USN-720-1 - A significant amount of vulnerabilities in PHP 5 have been addressed. These range from security bypass to denial of service issues.; tags | advisory, denial of service, php, vulnerability; systems | linux, ubuntu; advisories | CVE-2007-3996, CVE-2007-5900, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658; SHA-256 | a31f39cf30e5eb073f9dc121d4e40f5b0fdbb62143587c9dc60669c009e7c708; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 324 files
Ubuntu 49 files
Gentoo 32 files
Debian 21 files
Apple 9 files
malvuln 6 files
nu11secur1ty 5 files
Google Security Research 4 files
Jann Horn 4 files
Adam Gowdiak 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,044)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,776)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,910)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,514)
UNIX (9,404)
UnixWare (187)
Windows (6,660)
Other

CVE-2008-5624

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems