CVE-2006-1490
CVE-2006-1490
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/27508unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.aschttp://bugs.gentoo.org/show_bug.cgi?id=127939http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=loghttp://docs.info.apple.com/article.html?artnum=304829http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlhttp://rhn.redhat.com/errata/RHSA-2006-0276.htmlhttp://secunia.com/advisories/19383http://secunia.com/advisories/19499http://secunia.com/advisories/19570http://secunia.com/advisories/19832http://secunia.com/advisories/19979