- PHP Zip_Entry_Read() Integer Overflow Vulnerability (BugtraqID 23169)
- Versions of PHP have been found prone to an integer-overflow vulnerability. Affected versions of PHP, which the Smart Attack also identifies and scans for, fail to ensure that integer values are not overrun. Attackers may exploit this issue to cause a heap-based buffer overflow. Identifying this vulnerability early matters: exploiting it may allow attackers to execute arbitrary machine code in the context of the affected application, and even failed exploit attempts will likely result in a denial-of-service condition.
Detailed information can be found here: http://www.securityfocus.com/bid/23169/solution
- PHP ZipArchive::extractTo() '.zip' Files Directory Traversal Vulnerability (BugtraqID 32625)
- PHP has recently been found to be prone to a directory-traversal vulnerability. The affected application fails to adequately sanitize user-supplied input. A successful attack allows the attacker to create or overwrite arbitrary files on the system, which in turn allows execution of arbitrary script code in the context of the web server. This vulnerability is especially dangerous because it can be exploited using standard client applications. PHP versions affected: PHP/5.2.1 to PHP/5.2.6
Detailed information can be found at: http://www.securityfocus.com/bid/32625/solution
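A pre-extraction check for the traversal issue described above, as an added example that is not part of the original advisory or Cenzic's code: it rejects an archive when any entry name is absolute or contains a `..` segment, before `ZipArchive::extractTo()` is called. The function names `isSafeEntryName` and `extractValidated` and the sample entry names are hypothetical, and the syntax assumes PHP 7.1 or later.

```php
<?php
// Added example: validate every entry name before ZipArchive::extractTo() runs.

/** Return true when an entry name stays inside the extraction root. */
function isSafeEntryName(string $name): bool
{
    // Normalise Windows separators so "..\" is treated like "../".
    $normalized = str_replace('\\', '/', $name);
    // Reject empty names and names carrying a NUL byte.
    if ($normalized === '' || strpos($normalized, "\0") !== false) {
        return false;
    }
    // Reject absolute paths and Windows drive letters.
    if ($normalized[0] === '/' || preg_match('/^[A-Za-z]:/', $normalized)) {
        return false;
    }
    // Reject any ".." path segment, wherever it appears.
    return !in_array('..', explode('/', $normalized), true);
}

/** Extract $zipPath into $destDir, refusing the whole archive on a bad entry. */
function extractValidated(string $zipPath, string $destDir): void
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open archive: $zipPath");
    }
    try {
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $name = $zip->getNameIndex($i);
            if ($name === false || !isSafeEntryName($name)) {
                throw new RuntimeException("unsafe entry at index $i, archive rejected");
            }
        }
        if (!$zip->extractTo($destDir)) {
            throw new RuntimeException("extraction failed: $zipPath");
        }
    } finally {
        $zip->close();
    }
}

// Constructed sample names: only the first one is accepted.
foreach (['docs/readme.txt', '../outside.txt', '/abs/path.txt', 'C:\\temp\\x.txt'] as $n) {
    printf("%-18s %s\n", $n, isSafeEntryName($n) ? 'ok' : 'rejected');
}
```

The check looks only at entry names, so it does not cover symbolic links stored inside an archive.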
- Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability (BugtraqID 22791)
- This update enables Cenzic to detect another vulnerability in the Apache Tomcat Servlet Container. Apache Tomcat is prone to a vulnerability that will allow remote attackers to execute arbitrary code on an affected computer. A successful attack may result in a complete compromise.
Detailed information can be found here: http://www.securityfocus.com/bid/22791/solution