Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2006:0276

The remote host is missing updates announced in
advisory RHSA-2006:0276.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

The phpinfo() PHP function did not properly sanitize long strings. An
attacker could use this to perform cross-site scripting attacks against
sites that have publicly-available PHP scripts that call phpinfo().

The html_entity_decode() PHP function was found to not be binary safe. An
attacker could use this flaw to disclose a certain part of the memory. In
order for this issue to be exploitable the target site would need to have a
PHP script which called the html_entity_decode() function with untrusted
input from the user and displayed the result. (CVE-2006-1490)

The error handling output was found to not properly escape HTML output in
certain cases. An attacker could use this flaw to perform cross-site
scripting attacks against sites where both display_errors and html_errors
are enabled. (CVE-2006-0208)

An input validation error was found in the mb_send_mail() function. An
attacker could use this flaw to inject arbitrary headers in a mail sent via
a script calling the mb_send_mail() function where the To parameter can
be controlled by the attacker. (CVE-2005-3883)

A buffer overflow flaw was discovered in uw-imap, the University of
Washington's IMAP Server. php-imap is compiled against the static c-client
libraries from imap and therefore needed to be recompiled against the fixed
version. This issue only affected Red Hat Enterprise Linux 3.

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

CVSS Score:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2005-2933
BugTraq ID: 15009
CERT/CC vulnerability note: VU#933601
Debian Security Information: DSA-861
RedHat Security Advisories: RHSA-2006:0276
RedHat Security Advisories: RHSA-2006:0549
SGI Security Advisory: 20051201-01-U
SGI Security Advisory: 20060501-01-U
SuSE Security Announcement: SUSE-SR:2005:023
XForce ISS Database: uw-imap-mailbox-name-bo(22518)

Common Vulnerability Exposure (CVE) ID: CVE-2005-3883
BugTraq ID: 15571
SuSE Security Announcement: SUSE-SA:2005:069
TurboLinux Advisory: TLSA-2006-38
XForce ISS Database: php-mbsendmail-header-injection(23270)

Common Vulnerability Exposure (CVE) ID: CVE-2006-0208
BugTraq ID: 16803
SuSE Security Announcement: SUSE-SR:2006:004

Common Vulnerability Exposure (CVE) ID: CVE-2006-0996
BugTraq ID: 17362
SuSE Security Announcement: SUSE-SA:2006:024
XForce ISS Database: php-phpinfo-long-array-xss(25702)

Common Vulnerability Exposure (CVE) ID: CVE-2006-1490
BugTraq ID: 17296
Bugtraq: 20060328 Critical PHP bug - act ASAP if you are running web with sensitive data
Bugtraq: 20060328 Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
Cert/CC Advisory: TA06-333A
XForce ISS Database: php-htmlentitydecode-information-disclosure(25508)

Copyright (c) 2006 E-Soft Inc.

© 1998-2021 E-Soft Inc. All rights reserved.