
CVSS: 4.3 | EPSS: 0% | CPEs: 30 | EXPL: 0

Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

• http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4
• http://rhn.redhat.com/errata/RHSA-2012-0811.html
• http://www.openwall.com/lists/oss-security/2010/09/14/1
• http://www.openwall.com/lists/oss-security/2010/09/14/6
• http://www.openwall.com/lists/oss-security/2010/09/14/8
• http://www.vupen.com/english/advisories/2010/2406
• https://access.redhat.com/security/cve/CVE-2010-3294
• https://bugzilla.redhat.com/show_bug.cgi?id=634334
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 | EPSS: 18% | CPEs: 8 | EXPL: 2

Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) 3.0.11 through 3.0.16 allows remote attackers to execute arbitrary code via a long filename.

• https://www.exploit-db.com/exploits/31540
• http://papasian.org/~dannyp/apcsmash.php.txt
• http://pecl.php.net/bugs/bug.php?id=13415
• http://secunia.com/advisories/29509
• http://secunia.com/advisories/29745
• http://secunia.com/advisories/31082
• http://security.gentoo.org/glsa/glsa-200804-07.xml
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:082
• http://www.securityfocus.com/bid/28457
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41420
• https://www.redhat.com&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 82% | CPEs: 3 | EXPL: 2

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.

• https://www.exploit-db.com/exploits/3440
• http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
• http://secunia.com/advisories/24471
• http://secunia.com/advisories/24514
• http://secunia.com/advisories/25938
• http://www.debian.org/security/2007/dsa-1330
• http://www.osvdb.org/32782
• http://www.php-security.org/MOPB/MOPB-16-2007.html
• http://www.securityfocus.com/bid/22883
• http://www.vupen.com/english/advisories/2007/0898
• https://exchange.xforce.ibmcloud.