oss-sec mailing list archives

Re: Month of PHP Security 2010 Issues

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 11 May 2010 19:31:45 -0400 (EDT)


Here is the latest round of CVE assignments for MOPS advisories.

MOPS-2010-021: PHP fnmatch() Stack Exhaustion Vulnerability


CVE-2010-1917

MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection Vulnerability
MOPS-2010-019: Serendipity WYSIWYG Editor Plugin Configuration Injection


These two are combined into a single CVE:

CVE-2010-1916

MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability


CVE-2010-1918

MOPS-2010-017: PHP preg_quote() Interruption Information Leak


CVE-2010-1915

MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information LeakMOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information LeakMOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information


These three are combined into a single CVE:

CVE-2010-1914


- Steve

Current thread:

Month of PHP Security 2010 Issues Eren Türkay (May 11)
- Re: Month of PHP Security 2010 Issues Moritz Muehlenhoff (May 11)
- Re: Month of PHP Security 2010 Issues Steven M. Christey (May 11)