Ubuntu: PHP vulnerabilities


 
Old 01-13-2010

LinuxSecurity.com: Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. (CVE-2009-2626)

It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2009-4142)

Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions. (CVE-2009-4143)

XML_PARSER_CREATE_NS(3)                        1                        XML_PARSER_CREATE_NS(3)

xml_parser_create_ns - Create an XML parser with namespace support

SYNOPSIS
       resource xml_parser_create_ns ([string $encoding], [string $separator = ":"])

DESCRIPTION
       xml_parser_create_ns(3) creates a new XML parser with XML namespace support and returns a resource handle referencing it to be used by the other XML functions.

PARAMETERS
       o $encoding - The optional $encoding specifies the character encoding for the input/output in PHP 4. Starting from PHP 5, the input encoding is automatically detected, so that the $encoding parameter specifies only the output encoding. In PHP 4, the default output encoding is the same as the input charset. In PHP 5.0.0 and 5.0.1, the default output charset is ISO-8859-1, while in PHP 5.0.2 and upper is UTF-8. The supported encodings are ISO-8859-1, UTF-8 and US-ASCII.

       o $separator - With a namespace aware parser tag parameters passed to the various handler functions will consist of namespace and tag name separated by the string specified in $separator.

RETURN VALUES
       Returns a resource handle for the new XML parser.

SEE ALSO
       xml_parser_create(3), xml_parser_free(3).

PHP Documentation Group                                                 XML_PARSER_CREATE_NS(3)
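
As an added example (not part of the manual page or of PHP's own documentation), the script below shows how the namespace and tag-name string described under $separator reaches an element handler, and how to split it without mistaking the colons inside a namespace URI for the separator. The "|" separator, the urn:example:* URIs, the helper names and the sample document are assumptions made for illustration.

```php
<?php
// Added example (not from the manual page); URIs and document are constructed.
const SEP = '|';   // cannot appear in an XML element name

// Split the "namespace-URI<SEP>local-name" string a handler receives.
// Split at the LAST separator: the URI part may itself contain it.
function split_qualified(string $name, string $sep): array
{
    $pos = strrpos($name, $sep);
    if ($pos === false) {
        return ['', $name];                       // element in no namespace
    }
    return [substr($name, 0, $pos), substr($name, $pos + strlen($sep))];
}

function collect_elements(string $xml): array
{
    $seen = [];
    $parser = xml_parser_create_ns('UTF-8', SEP);
    // Case folding is on by default and upper-cases the names handed to handlers.
    xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
    xml_set_element_handler(
        $parser,
        function ($p, $name, $attrs) use (&$seen) {
            $seen[] = split_qualified($name, SEP);
        },
        function ($p, $name) {
        }
    );
    if (xml_parse($parser, $xml, true) !== 1) {
        $msg = xml_error_string(xml_get_error_code($parser)) ?? 'XML parse error';
        throw new RuntimeException($msg);
    }
    return $seen;   // on PHP versions before 8, also call xml_parser_free($parser)
}

// Constructed input: the same local name in two namespaces, plus a
// misleading prefix ("trusted") bound to an unexpected URI.
$xml = '<o:order xmlns:o="urn:example:orders" xmlns:trusted="urn:example:other">'
     . '<o:amount>10</o:amount><trusted:amount>9999</trusted:amount></o:order>';

$allowed = ['urn:example:orders' => ['order', 'amount']];   // allowlist by URI

foreach (collect_elements($xml) as [$uri, $local]) {
    $ok = in_array($local, $allowed[$uri] ?? [], true);
    printf("%-20s %-8s %s\n", $uri === '' ? '(none)' : $uri, $local, $ok ? 'accept' : 'reject');
}
```

Matching on the namespace URI rather than on the prefix is what lets the handler tell the two amount elements apart.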