CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 0CVE-2010-3294 – php-pecl-apc: potential XSS in apc.php
https://notcve.org/view.php?id=CVE-2010-3294
Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en apc.php de la extensión "Alternative PHP Cache" (APC) en versiones anteriores a la v3.1.4 para PHP permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores de ataque sin especificar. • http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4 http://rhn.redhat.com/errata/RHSA-2012-0811.html http://www.openwall.com/lists/oss-security/2010/09/14/1 http://www.openwall.com/lists/oss-security/2010/09/14/6 http://www.openwall.com/lists/oss-security/2010/09/14/8 http://www.vupen.com/english/advisories/2010/2406 https://access.redhat.com/security/cve/CVE-2010-3294 https://bugzilla.redhat.com/show_bug.cgi?id=634334 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 18%CPEs: 8EXPL: 2CVE-2008-1488 – PECL 3.0.x - Alternative PHP Cache Extension 'apc_search_paths()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1488
Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) 3.0.11 through 3.0.16 allows remote attackers to execute arbitrary code via a long filename. Desbordamiento de búfer basado en pila en apc.c de Alternative PHP Cache (APC) de 3.0.11 a 3.0.16 permite a atacantes remotos ejecutar código de su elección a través de un nombre de archivo largo. • https://www.exploit-db.com/exploits/31540 http://papasian.org/~dannyp/apcsmash.php.txt http://pecl.php.net/bugs/bug.php?id=13415 http://secunia.com/advisories/29509 http://secunia.com/advisories/29745 http://secunia.com/advisories/31082 http://security.gentoo.org/glsa/glsa-200804-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:082 http://www.securityfocus.com/bid/28457 https://exchange.xforce.ibmcloud.com/vulnerabilities/41420 https://www.redhat.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •