Published: 24/04/2006 Updated: 18/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent malicious users to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 4.4.2
php php 5.1.2

The phpinfo() PHP function did not properly sanitize long strings A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo() Please note that it is not recommended to publicly expose phpinfo() (CVE-2006-0996) ...

Debian Bug report logs - #365311 CVE-2006-1990/CVE-2006-1991: Security vulnerabilities in php Package: php4; Maintainer for php4 is (unknown); Reported by: Stefan Fritsch <sf@sfritschde> Date: Sat, 29 Apr 2006 06:48:02 UTC Severity: grave Tags: security Found in version php4/4:442-1 Fixed in version php4/4:442-11 D ...

Debian Bug report logs - #365312 CVE-2006-1990/CVE-2006-1991: Security vulnerabilities in php Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritschde> Date: Sat, 29 Apr 2006 06:4 ...

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-1990

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect