CVSS: 9.1EPSS: 2%CPEs: 47EXPL: 0CVE-2012-0057 – php: XSLT file writing vulnerability
https://notcve.org/view.php?id=CVE-2012-0057
02 Feb 2012 — PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. PHP en versiones anteriores a la 5.3.9 tiene configuraciones de seguridad libxslt inapropiadas, lo que permite a atacantes remotos crear ficheros arbitrarios a través de hojas de estilo XSLT que utilizan una extensión libxslt. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 89%CPEs: 45EXPL: 6CVE-2011-4885 – PHP 5.3.8 - Hashtables Denial of Service
https://notcve.org/view.php?id=CVE-2011-4885
30 Dec 2011 — PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. PHP anterior a v5.3.9 calcula los valores hash de los parámetros de forma, sin restringir la capacidad de desencadenar colisiones hash predecible, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío de gran cantidad... • https://packetstorm.news/files/id/180523 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 82%CPEs: 10EXPL: 1CVE-2011-4566 – php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure
https://notcve.org/view.php?id=CVE-2011-4566
29 Nov 2011 — Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. Un desbordamiento de entero en la función exif_process_IFD_TAG en el fichero exif.c de la extensión exif de PHP v5.4.0 beta2 en las plataformas de 32 bits permite a atacante... • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 15%CPEs: 105EXPL: 0CVE-2011-3268
https://notcve.org/view.php?id=CVE-2011-3268
25 Aug 2011 — Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483. Desbordamiento de búfer en la función de cifrado en PHP antes de v5.3.7, permite a atacantes dependientes de contexto tener un impacto no especificado a través de un argumento "long salt", una vulnerabilidad diferente a CVE-2011-2483. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 4%CPEs: 105EXPL: 0CVE-2011-3267
https://notcve.org/view.php?id=CVE-2011-3267
25 Aug 2011 — PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors. PHP antes de v5.3.7 no aplica correctamente la función error_log, lo que permite a atacantes dependientes del contexto provocar una denegación de servicio (caída de aplicación) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 6%CPEs: 6EXPL: 0CVE-2011-2483 – crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
https://notcve.org/view.php?id=CVE-2011-2483
25 Aug 2011 — crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. crypt_blowfish en versiones anteriores a 1.1, como se utiliza en PHP en versiones anteriores a 5.3.7 en ciertas plataformas, PostgreSQL en versiones anteriores a 8.4.9 y otros productos, no maneja adecuadamente cara... • http://freshmeat.net/projects/crypt_blowfish • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 1%CPEs: 105EXPL: 5CVE-2011-3182 – PHP < 5.3.7 - Multiple Null Pointer Dereference Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-3182
25 Aug 2011 — PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) e... • https://www.exploit-db.com/exploits/36070 •
CVSS: 7.5EPSS: 12%CPEs: 72EXPL: 2CVE-2011-2202 – PHP 5.3.6 - Security Bypass
https://notcve.org/view.php?id=CVE-2011-2202
16 Jun 2011 — The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability." La función rfc1867_post_handler en main/rfc1867.c en PHP anterior a v5.3.7 no restringe correctamente los nombres de archivo en solicitudes POST multipart/form-d... • https://www.exploit-db.com/exploits/35855 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 50%CPEs: 4EXPL: 3CVE-2011-1938 – PHP 5.3.5 - 'socket_connect()' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-1938
31 May 2011 — Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. Desbordamiento de búfer basado en pila en la función socket_connect en ext/sockets/sockets.c en PHP v5.3.3 a v5.3.6 podría permitir a atacantes dependientes de contexto ejecutar código de su elección a través de una ruta larga para un socket UNIX. • https://www.exploit-db.com/exploits/17318 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0441
https://notcve.org/view.php?id=CVE-2011-0441
29 Mar 2011 — The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. La tarea de cron /etc/cron.d/php5 de Debian GNU/Linux para PHP 5.3.5 permite a usuarios locales eliminar ficheros de su elección a través de un ataque symlink en un directorio bajo /var/lib/php5/. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618489 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •