CVE-2005-3388 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2005-3388
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-3388

Description: Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."

CVE Status: Candidate

References: UBUNTU http://www.ubuntulinux.org/usn/usn-232-1/document_view TURBO http://www.turbolinux.com/security/2006/TLSA-2006-38.txt SUSE http://www.novell.com/linux/security/advisories/2005_27_sr.html ST 1015130 SREASON http://securityreason.com/securityalert/133 SAID Secunia Advisory: SA17490 Secunia Advisory: SA17510 Secunia Advisory: SA17557 Secunia Advisory: SA17371 Secunia Advisory: SA17531 Secunia Advisory: SA18198 Secunia Advisory: SA17559 Secunia Advisory: SA18669 Secunia Advisory: SA21252 Secunia Advisory: SA22691 REDHAT http://www.redhat.com/support/errata/RHSA-2005-838.html http://rhn.redhat.com/errata/RHSA-2006-0549.html http://www.redhat.com/support/errata/RHSA-2005-831.html OPENPKG http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html MISC http://www.hardened-php.net/advisory_182005.77.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:213 HP http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml FEDORA http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html CONFIRM http://www.php.net/release_4_4_1.php http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/415292 BID 15248

Return to the previous page.