PHP "lên dĩa"

Bắt đầu là Month of Browser Bugs, rồi đến Month of Kernel BugsMonth of Apple Bugs, còn bây giờ là Month of PHP Bugs. Chỉ sau 3 ngày, đã có 8 lỗi nghiêm trọng của PHP được công bố!

# Title Description PoC/Exploit References
8 PHP 4 phpinfo() XSS Vulnerability (Deja-vu) phpinfo() does not escape cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 content of user supplied arrays in GET, POST or COOKIE variables when it displays cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m which leads to an XSS vulnerability. MOPB-08-2007.phpt HPHP-18-2005
CVE-NO-NAME
7 Zend Platform ini_modifier Local Root Vulnerability The ini_modifier of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Zend Platform can be tricked by a local to edit cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 system php.ini file, which can be used to obtain root privileges. Not needed CVE-NO-NAME
6 Zend Platform Insecure File Permission Local Root Vulnerability Several binaries and shellscripts installed by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Zend Platform are installed with unsafe permissions that might allow an attacker to gain root privileges. Not needed CVE-NO-NAME
5 PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability Deserialisation of malformed PHP arrays from within unserialize() might result in a tight endless loop exhausting CPU ressources on 64bit systems. Not needed CVE-2007-0988
4 PHP 4 unserialize() ZVAL Reference Counter Overflow During unserialisation of user supplied data that contains a lot of references to a variable cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 internal 16bit zval reference counter can overflow. This leads to an exploitable double dtor condition. MOPB-04-2007.php CVE-NO-NAME
MOPB-01-2007
3 PHP Variable Destructor Deep Recursion Stack Overflow The destruction of deeply nested PHP arrays will exhaust all available stack which leads to remotely triggerable crashes. Not needed CVE-NO-NAME
2 PHP Executor Deep Recursion Stack Overflow A deep recursion of PHP userland code will exhaust all available stack which leads to a sometimes remotely triggerable crash. Not needed CVE-2006-1549
1 PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability In PHP 4 userland code is able to overflow cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 internal 16bit zval reference counter by creating many references to a variable. This leads to an exploitable double dtor condition. MOPB-01-2007.php CVE-NO-NAME

Comments

ct said…
Toa`n PHP4 nhi?