Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-669-1
HistoryFeb 07, 2005 - 12:00 a.m.

php3 - several

2005-02-0700:00:00
Google
osv.dev
22

0.939 High

EPSS

Percentile

99.2%

JSON

Two vulnerabilities have been discovered in php4 which also apply to
the version of php3 in the stable Debian distribution. The Common
Vulnerabilities and Exposures project identifies the following
problems:

  • CAN-2004-0594
    The memory_limit functionality allows remote attackers to execute
    arbitrary code under certain circumstances.

  • CAN-2004-0595
    The strip_tags function does not filter null (\0) characters
    within tag names when restricting input to allowed tags, which
    allows dangerous tags to be processed by some web browsers which
    could lead to cross-site scripting (XSS) vulnerabilities.

For the stable distribution (woody) these problems have been fixed in
version 3.0.18-23.1woody2.

For the unstable distribution (sid) these problems have been fixed in
version 3.0.18-27.

We recommend that you upgrade your php3 packages.

CPENameOperatorVersion
php3eq3:3.0.18-23.1woody1

Related

openvas 16
nessus 14
debian 3
redhat 2
osv 1
slackware 1
gentoo 1
suse 1
cve 2
securityvulns 4
canvas 1
packetstorm 1
nvd 2
cvelist 2
freebsd 2
exploitpack 1
exploitdb 1
openvas
openvas
Slackware: Security Advisory (SSA:2004-202-01)
2012-09-10 00:00:00
Debian Security Advisory DSA 531-1 (php4)
2008-01-17 00:00:00
Slackware Advisory SSA:2004-202-01 PHP
2012-09-11 00:00:00
nessus
nessus
Fedora Core 2 : php-4.3.8-2.1 (2004-223)
2004-07-24 00:00:00
GLSA-200407-13 : PHP: Multiple security vulnerabilities
2004-08-30 00:00:00
SUSE-SA:2004:021: php4/mod_php4
2004-07-25 00:00:00
debian
debian
[SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
2004-07-21 02:41:59
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
redhat
redhat
(RHSA-2004:395) php security update
2004-07-19 00:00:00
(RHSA-2004:392) php security update
2004-07-19 00:00:00
osv
osv
php4 - several vulnerabilities
2004-07-20 00:00:00
slackware
slackware
PHP
2004-07-20 23:21:16
gentoo
gentoo
PHP: Multiple security vulnerabilities
2004-07-15 00:00:00
suse
suse
remote code execution in php4/mod_php4
2004-07-16 12:43:18
cve
cve
CVE-2004-0595
2004-07-27 04:00:00
CVE-2004-0594
2004-07-27 04:00:00
securityvulns
securityvulns
[Full-Disclosure] Advisory 12/2004: PHP strip_tags() bypass vulnerability
2004-07-14 00:00:00
Mambo Multiple Vulnerabilities
2006-02-25 00:00:00
[Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability
2004-07-14 00:00:00
canvas
canvas
Immunity Canvas: PHP_LIMIT
2004-07-27 04:00:00
packetstorm
packetstorm
mambo453.txt
2006-02-26 00:00:00
nvd
nvd
CVE-2004-0595
2004-07-27 04:00:00
CVE-2004-0594
2004-07-27 04:00:00
cvelist
cvelist
CVE-2004-0595
2004-07-16 04:00:00
CVE-2004-0594
2004-07-16 04:00:00
freebsd
freebsd
php -- strip_tags cross-site scripting vulnerability
2004-07-07 00:00:00
php -- memory_limit related vulnerability
2004-07-07 00:00:00
exploitpack
exploitpack
Mambo 4.5.3h - Multiple Vulnerabilities
2016-02-24 00:00:00
exploitdb
exploitdb
Mambo < 4.5.3h - Multiple Vulnerabilities
2016-02-24 00:00:00

0.939 High

EPSS

Percentile

99.2%

JSON
Related for OSV:DSA-669-1
openvas16nessus14debian3redhat2osv1slackware1gentoo1suse1cve2securityvulns4canvas1packetstorm1nvd2cvelist2freebsd2exploitpack1exploitdb1