1 results (0.002 seconds)

CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 4

The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). La función mb_strcut en Libmbfl v1.1.0, como el usado en PHP v5.3.x hasta v5.3.3, permite a atacantes dependientes del contexto obtener información potencialmente sensible a través de un valor largo del tercer parámetro (también conocido como parametro length. • https://www.exploit-db.com/exploits/34979 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://marc.info/?l=bugtraq&m=130331363227777&w=2 http://pastie.org/1279428 http://pastie.org/1279682 http://secunia.com/advisories/42135 http://secunia.com/advisories/42812 http://secunia.com/advisories/43189 http://www.mandriva.com/security/advisories?name=MDVSA-2010:225 http: • CWE-20: Improper Input Validation •