CVSS: 9.8EPSS: 16%CPEs: 1EXPL: 1CVE-2012-0831 – php: PG(magic_quote_gpc) was not restored on shutdown
https://notcve.org/view.php?id=CVE-2012-0831
10 Feb 2012 — PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. PHP anterior a v5.3.10 no realizan de forma adecuada un cambio temporal a la directiva magic_quotes_gpc durante la importación de variables de entorno, lo que simplifica a atacantes remo... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 40%CPEs: 1EXPL: 4CVE-2012-0830 – PHP 5.4.0RC6 (x64) - Denial of Service
https://notcve.org/view.php?id=CVE-2012-0830
06 Feb 2012 — The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885. La función php_register_variable_ex en php_variables.c en PHP v5.3.9 permite a atacantes remotos ejecutar código de su elección a través de una solicitud que contenga un gran número de variable. Se trata de un ... • https://www.exploit-db.com/exploits/18460 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 2%CPEs: 47EXPL: 0CVE-2012-0057 – php: XSLT file writing vulnerability
https://notcve.org/view.php?id=CVE-2012-0057
02 Feb 2012 — PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. PHP en versiones anteriores a la 5.3.9 tiene configuraciones de seguridad libxslt inapropiadas, lo que permite a atacantes remotos crear ficheros arbitrarios a través de hojas de estilo XSLT que utilizan una extensión libxslt. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 4CVE-2011-4153 – PHP 5.3.8 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4153
18 Jan 2012 — PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php... • https://www.exploit-db.com/exploits/18370 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 4CVE-2012-0781 – PHP 5.3.8 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0781
18 Jan 2012 — The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153. La función tidy_diagnose de PHP v5.3.8 podría permitir a atacantes remotos provocar una denegación de servicio (puntero a NULL y caída de la aplicación) a través del ingreso de determinados datos a una aplicación... • https://www.exploit-db.com/exploits/18370 • CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 89%CPEs: 45EXPL: 6CVE-2011-4885 – PHP 5.3.8 - Hashtables Denial of Service
https://notcve.org/view.php?id=CVE-2011-4885
30 Dec 2011 — PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. PHP anterior a v5.3.9 calcula los valores hash de los parámetros de forma, sin restringir la capacidad de desencadenar colisiones hash predecible, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío de gran cantidad... • https://packetstorm.news/files/id/180523 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 82%CPEs: 10EXPL: 1CVE-2011-4566 – php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure
https://notcve.org/view.php?id=CVE-2011-4566
29 Nov 2011 — Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. Un desbordamiento de entero en la función exif_process_IFD_TAG en el fichero exif.c de la extensión exif de PHP v5.4.0 beta2 en las plataformas de 32 bits permite a atacante... • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2011-4078
https://notcve.org/view.php?id=CVE-2011-4078
03 Nov 2011 — include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379. inclinclude/iniset.php en Roundcube Webmail v0.5.4 y anteriores, cuando PHP v5.3.7 o v5.3.8 se utiliza, permite a atacantes remotos provocar una solicitud GET para una dirección arbitraria, y provocar... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2011-3379
https://notcve.org/view.php?id=CVE-2011-3379
03 Nov 2011 — The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. La función de PHP v5.3.7 y v5.3.8 activa una llamada a la función __autoload, lo que hace más fácil para los atacantes remotos ejecutar código arbitrario mediante una URL y el aprovechamiento de los comportamientos potencialmente peligroso... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 15%CPEs: 105EXPL: 0CVE-2011-3268
https://notcve.org/view.php?id=CVE-2011-3268
25 Aug 2011 — Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483. Desbordamiento de búfer en la función de cifrado en PHP antes de v5.3.7, permite a atacantes dependientes de contexto tener un impacto no especificado a través de un argumento "long salt", una vulnerabilidad diferente a CVE-2011-2483. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •