exploits , vulnerabilities , articles , PHP Version 5.2.0 and Prior Multiple Vulnerabilities

Title	PHP Version 5.2.0 and Prior Multiple Vulnerabilities
Published	2007-02-09-12:00AM
Updated	2007-03-08-05:25PM
Class	Input Validation Error
CVE	CVE-2007-0906 VE-2007-0907 E-2007-0908 C -2007-0909 CV 2007-0910
Remote	Yes
Local	Yes
Credit	The vendor disclosed these issues.
Vulnerable	Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Slackware Linux 10.2 Slackware Linux 11.0 SGI ProPack 3.0 SP6 rPath rPath Linux 1 RedHat Stronghold for Enterprise Linux 0 RedHat Fedora Core6 RedHat Fedora Core5 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux AS 2.1 RedHat Desktop 4.0 RedHat Desktop 3.0 PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP PHP 5.1.2 PHP PHP 5.1.1 PHP PHP 5.1 PHP PHP 5.0.5 PHP PHP 5.0.4 PHP PHP 5.0.3 PHP PHP 5.0.2 PHP PHP 5.0.1 PHP PHP 5.0 candidate 3 PHP PHP 5.0 candidate 2 PHP PHP 5.0 candidate 1 PHP PHP 5.0 .0 PHP PHP 4.4.4 PHP PHP 4.4.3 PHP PHP 4.4.2 PHP PHP 4.4.1 PHP PHP 4.4 .0 PHP PHP 4.3.11 PHP PHP 4.3.10 PHP PHP 4.3.9 PHP PHP 4.3.8 MandrakeSoft Linux Mandrake 10.1 x86_64 MandrakeSoft Linux Mandrake 10.1 S.u.S.E. Linux Personal 9.2 Turbolinux Turbolinux Server 10.0 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 PHP PHP 4.3.7 PHP PHP 4.3.6 PHP PHP 4.3.5 PHP PHP 4.3.4 PHP PHP 4.3.3 PHP PHP 4.3.2 PHP PHP 4.3.1 PHP PHP 4.3 PHP PHP 4.2.3 PHP PHP 4.2.2 PHP PHP 4.2.1 FreeBSD FreeBSD 4.6 FreeBSD FreeBSD 4.5 FreeBSD FreeBSD 4.4 FreeBSD FreeBSD 4.3 Slackware Linux 8.1 PHP PHP 4.2 .0 PHP PHP 4.2 dev PHP PHP 4.1.2 PHP PHP 4.1.1 PHP PHP 4.1 .0 S.u.S.E. Linux 8.0 i386 S.u.S.E. Linux 8.0 PHP PHP 4.0.7 RC3 PHP PHP 4.0.7 RC2 PHP PHP 4.0.7 RC1 PHP PHP 4.0.7 PHP PHP 4.0.6 PHP PHP 4.0.5 PHP PHP 4.0.4 PHP PHP 4.0.3 pl1 S.u.S.E. Linux 6.4 ppc S.u.S.E. Linux 6.4 i386 S.u.S.E. Linux 6.4 alpha S.u.S.E. Linux 6.4 PHP PHP 4.0.3 Debian Linux 2.2 sparc Debian Linux 2.2 powerpc Debian Linux 2.2 IA32 Debian Linux 2.2 arm Debian Linux 2.2 alpha Debian Linux 2.2 68k Debian Linux 2.2 Sun Cobalt Control Station 4100CS Sun Cobalt Qube3 Japanese 4000WGJ Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ Sun Cobalt Qube3 Japanese w/Caching 4010WGJ Sun Cobalt RaQ XTR 3500R Sun Cobalt RaQ XTR Japanese 3500Rja PHP PHP 4.0.2 PHP PHP 4.0.1 pl2 PHP PHP 4.0.1 pl1 PHP PHP 4.0.1 Sun Cobalt Qube3 4000WG Sun Cobalt Qube3 w/ Caching and RAID 4100WG Sun Cobalt Qube3 w/Caching 4010WG Sun Cobalt RaQ4 3001R Sun Cobalt RaQ4 Japanese RAID 3100Rja Sun Cobalt RaQ4 RAID 3100R PHP PHP 4.0 0 PHP PHP 3.0.18 PHP PHP 3.0.17 S.u.S.E. Linux 7.1 x86 S.u.S.E. Linux 7.1 sparc S.u.S.E. Linux 7.1 ppc S.u.S.E. Linux 7.1 alpha S.u.S.E. Linux 7.1 S.u.S.E. Linux 7.0 sparc S.u.S.E. Linux 7.0 ppc S.u.S.E. Linux 7.0 i386 S.u.S.E. Linux 7.0 alpha S.u.S.E. Linux 7.0 Trustix Secure Linux 1.2 Trustix Secure Linux 1.1 PHP PHP 3.0.16 PHP PHP 3.0.15 PHP PHP 3.0.14 PHP PHP 3.0.13 PHP PHP 3.0.12 PHP PHP 3.0.11 PHP PHP 3.0.10 PHP PHP 3.0.9 PHP PHP 3.0.8 PHP PHP 3.0.7 PHP PHP 3.0.6 PHP PHP 3.0.5 PHP PHP 3.0.4 PHP PHP 3.0.3 PHP PHP 3.0.2 PHP PHP 3.0.1 PHP PHP 3.0 0 PHP PHP 3.0 .16 PHP PHP 3.0 .13 PHP PHP 3.0 .12 PHP PHP 3.0 .11 PHP PHP 3.0 .10 PHP PHP 5.2 OpenPKG OpenPKG Stable OpenPKG OpenPKG E1.0Solid OpenPKG OpenPKG Current OpenPKG OpenPKG 2Stable20061018 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2006.0 x86_64 MandrakeSoft Linux Mandrake 2006.0 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia64 Debian Linux 3.1 ia32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Avaya SES 3.0 Avaya SES 2.0 Avaya S8700 CM 3.1 Avaya S8700 CM 2.0 Avaya S8500 CM 3.1 Avaya S8500 CM 2.0 Avaya S8500 0 Avaya S8300 CM 3.1 Avaya S8300 CM 2.0 Avaya S8300 0 Avaya CCS 3.0 Avaya CCS 2.0 Avaya AES 3.1
Not Vulnerable	PHP PHP 5.2.1 PHP PHP 4.4.5
Code	Exploiting some of these issues will depend on the configuration of the application employing the vulnerable PHP version. Some of these issues require local access to exploit, while others may be exploitable through a browser.
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-12-04 Netrw Vim Script Information Disclosure Vulnerability
• 2008-12-04 Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
• 2008-12-03 Adobe Acrobat 9 Unspecified PDF Document Encryption Weakness
• 2008-12-03 Ocean12 Mailing List Manager Gold SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-03 IBM Rational ClearQuest Maintenance Tool Local Information Disclosure Vulnerability
• 2008-12-03 VMware Products Unspecified Host Memory Corruption Vulnerability
• 2008-12-03 IBM Rational ClearQuest Web Multiple Unspecified Cross Site Scripting Vulnerabilities
• 2008-12-02 RakhiSoftware Shopping Cart Multiple Remote Vulnerabilities
• 2008-12-02 Softbiz Classifieds Script Multiple Cross Site Scripting Vulnerabilities
• 2008-12-02 CodeToad ASP Shopping Cart Script Cross Site Scripting Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 04 Dec 2008 17:16:38 +0000