Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Community News:
Avaya Products PHP Multiple Vulnerabilities
Nov 06, 2007 @ 13:56:00

As mentioned in this new security advisory from Avaya, there's a risk that the PHP version included with their Messaging systems could provide a hole for a would-be attacker to gain access.

Issues have been reported in the following:

  • integer overflow vulnerabilities in the PHP gd extension
  • integer overflow vulnerability in the PHP chunk_split function
  • a security update has introduced a bug into PHP session cookie handling
  • vulnerability in the PHP money_format function
  • vulnerability in the PHP wordwrap function
  • vulnerability in PHP session cookie handling
  • vulnerability in the PHP gc extension

The advisory contains links to more information from RedHat on these issues and includes a list of systems effected as well as recommended actions to take.

tagged: secunia advisory avaya security messaging secunia advisory avaya security messaging

Link:

Community News:
Avaya Products PHP Multiple Vulnerabilities
Nov 06, 2007 @ 13:56:00

As mentioned in this new security advisory from Avaya, there's a risk that the PHP version included with their Messaging systems could provide a hole for a would-be attacker to gain access.

Issues have been reported in the following:

  • integer overflow vulnerabilities in the PHP gd extension
  • integer overflow vulnerability in the PHP chunk_split function
  • a security update has introduced a bug into PHP session cookie handling
  • vulnerability in the PHP money_format function
  • vulnerability in the PHP wordwrap function
  • vulnerability in PHP session cookie handling
  • vulnerability in the PHP gc extension

The advisory contains links to more information from RedHat on these issues and includes a list of systems effected as well as recommended actions to take.

tagged: secunia advisory avaya security messaging secunia advisory avaya security messaging

Link:

Secunia.com:
Avaya Products PHP Multiple Vulnerabilities
Jun 14, 2007 @ 13:02:00

Secunia has posted a vulnerability marked as "highly critical" for users of any of the Avaya products that use PHP:

Avaya has acknowledged some vulnerabilities in various Avaya products, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system.

The following products are affected:

  • Avaya Communication Manager (CM 4.0 and CM 2.x prior to load 127.0)
  • Avaya CCS/SES (CCS/SES 3.1.1)
  • Avaya AES (AES 4.0)

Currently, according to the original announcement from Avaya, there are two issues that have been found and are able to be exploited - an issue with the xmlrpc extension and a problem with the ftp extension. Currently, there is no patch to correct these issues, but you can keep track of their current status via their entries

tagged: secunia avaya xmlrpc ftp extenstion vulnerability secunia avaya xmlrpc ftp extenstion vulnerability

Link:

Secunia.com:
Avaya Products PHP Multiple Vulnerabilities
Jun 14, 2007 @ 13:02:00

Secunia has posted a vulnerability marked as "highly critical" for users of any of the Avaya products that use PHP:

Avaya has acknowledged some vulnerabilities in various Avaya products, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system.

The following products are affected:

  • Avaya Communication Manager (CM 4.0 and CM 2.x prior to load 127.0)
  • Avaya CCS/SES (CCS/SES 3.1.1)
  • Avaya AES (AES 4.0)

Currently, according to the original announcement from Avaya, there are two issues that have been found and are able to be exploited - an issue with the xmlrpc extension and a problem with the ftp extension. Currently, there is no patch to correct these issues, but you can keep track of their current status via their entries

tagged: secunia avaya xmlrpc ftp extenstion vulnerability secunia avaya xmlrpc ftp extenstion vulnerability

Link:


Trending Topics: