CVSS: 7.5EPSS: 2%CPEs: 69EXPL: 2CVE-2010-4409 – PHP 5.3.3 - NumberFormatter::getSymbol Integer Overflow
https://notcve.org/view.php?id=CVE-2010-4409
06 Dec 2010 — Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. Desbordamienteo de entero en la función NumberFormatter::getSymbol (numfmt_get_symbol) de PHP 5.3.3 y versiones anteriores. Permite a atacantes dependiendo del contexto provocar una denegación de servicio (caída de la aplicación) a través de un argumento inválido. • https://www.exploit-db.com/exploits/15722 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 0%CPEs: 88EXPL: 3CVE-2009-5016 – php: XSS and SQL injection bypass via crafted overlong UTF-8 encoded string
https://notcve.org/view.php?id=CVE-2009-5016
12 Nov 2010 — Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. Desbordamiento de enteros en xml_utf8_decode function in ext/xml/xml.c in PHP anterior v5.2.11 hace fácil para atacantes remotos superar los mecanismos de protección de secuencia de comandos en sitios cruzados... • http://bugs.php.net/bug.php?id=49687 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 1%CPEs: 7EXPL: 7CVE-2010-3870 – PHP 5.3.2 - 'xml_utf8_decode()' UTF-8 Input Validation
https://notcve.org/view.php?id=CVE-2010-3870
12 Nov 2010 — The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. La función utf8_decode en PHP anterior v5.3.4 no maneja adecuadamente la codificación UTF-8 corta y las secuencias malformadas en los datos UTF-8, lo que hace fácil para los atacantes remotos superar los mecanismos de protec... • https://www.exploit-db.com/exploits/34950 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 13EXPL: 2CVE-2010-1128 – PHP 5.3.1 - LCG Entropy Security
https://notcve.org/view.php?id=CVE-2010-1128
26 Mar 2010 — The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function. El Linear Congruential Generator (LCG) en PHP anteriores a v5.2.13 no provee la entropía esperada, lo que hace más fácil para atacantes dependiendo del contexto adivinar valores que deberían ser impredecibles, como se demostró ... • https://www.exploit-db.com/exploits/33677 • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 1%CPEs: 35EXPL: 2CVE-2010-1130 – PHP 5.3.1 - 'session_save_path() Safe_mode()' Restriction Bypass Exploiot
https://notcve.org/view.php?id=CVE-2010-1130
26 Mar 2010 — session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot). session.c en la extesión session en PHP anteriores a v5.2.13, y v5.3.1, no interpreta de forma adecuada los carácteres ";" en el argumento sobre la función sessi... • https://www.exploit-db.com/exploits/33625 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-4418
https://notcve.org/view.php?id=CVE-2009-4418
24 Dec 2009 — The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences. La función deserializada (unserialize) en PHP 5.3.0 y anteriores permite a atacantes dependientes del contexto causar una denegación de servicio (consumo de recursos) a través una variables anidadas profundamente, como queda demostrada con una cadena i... • http://www.suspekt.org/2009/11/28/shocking-news-in-php-exploitation • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 1%CPEs: 108EXPL: 0CVE-2009-4143
https://notcve.org/view.php?id=CVE-2009-4143
21 Dec 2009 — PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. PHP versiones anteriores a v5.2.12 no maneja adecuadamente los datos de sesión, teniendo un impacto no especificado y vectores de ataque relacionado con (1) la interrupción de corrupción de la selección SESSION superglobal y (2) la directiva session.save_path. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html •
CVSS: 6.1EPSS: 9%CPEs: 111EXPL: 4CVE-2009-4142 – PHP 5.2.11 - 'htmlspecialCharacters()' Malformed Multibyte Character Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-4142
21 Dec 2009 — The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. La función htmlspecialchars en PHP versiones anteriores a v5.2.12 no maneja adecuadamente (1) secuencias UTF-8 demasiado largas, (2) secuencias inválidas Shift_JIS, y (39 secuencias inválidas EUC-JP, ... • https://www.exploit-db.com/exploits/33414 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 110EXPL: 4CVE-2009-2626 – PHP 5.2.10/5.3.0 - 'ini_restore()' Memory Information Disclosure
https://notcve.org/view.php?id=CVE-2009-2626
01 Dec 2009 — The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. La función zend_restore_ini_entry_cb en zend_ini.c en PHP v5.3.0, v5.2.10, y anteriores permite a atacantes dependientes del contexto conseguir información sensible (contenidos de memoria) y produ... • https://www.exploit-db.com/exploits/10296 •
CVSS: 9.8EPSS: 2%CPEs: 110EXPL: 2CVE-2009-4018 – Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass
https://notcve.org/view.php?id=CVE-2009-4018
27 Nov 2009 — The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable. La función proc_open en ext/standard/proc_open.c en PHP anterior a v5.2.11 y v5.3.x anterior a v5.3.1 no aplica adecuadame... • https://www.exploit-db.com/exploits/11636 • CWE-264: Permissions, Privileges, and Access Controls •