CVSS: 7.5EPSS: 2%CPEs: 62EXPL: 1CVE-2009-3558
https://notcve.org/view.php?id=CVE-2009-3558
23 Nov 2009 — The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file. La función posix_mkfifo de ext/posix/posix.c de PHP v5.2.11 y anteriores, y v5.3.x anteriores a la v5.3.1, permite a atacantes dependiendo del contexto evitar las restricciones open_basedir, y crear ficheros FIFO, a través de los argumentos "p... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 1%CPEs: 112EXPL: 0CVE-2009-3291 – php: openssl extension: Incorrect verification of SSL certificate with NUL in name
https://notcve.org/view.php?id=CVE-2009-3291
22 Sep 2009 — The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. La función php_openssl_apply_verification_policy de PHP en versiones anteriores a la v5.2.11 no realiza adecuadamente la validación de un certificado, lo que tiene un impacto y vectores de ataque desconocidos, probablemente relacionados con la posibilidad de suplantar certificados. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 109EXPL: 0CVE-2009-3292 – php: exif extension: Multiple missing sanity checks in EXIF file processing
https://notcve.org/view.php?id=CVE-2009-3292
22 Sep 2009 — Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing." Vulnerabilidad sin especificar en PHP en versiones anteriores a la v5.2.11 tiene un impacto desconocido y vectores de ataque relacionados con un "missing sanity checks around exif processing." (comprobaciones de validez no encontradas del procesamiento exif.). • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html •
CVSS: 9.8EPSS: 1%CPEs: 109EXPL: 0CVE-2009-3293
https://notcve.org/view.php?id=CVE-2009-3293
22 Sep 2009 — Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." Vulnerabilidad sin especificar en la función imagecolortransparent de PHP en versiones anteriores a la v5.2.11 tiene un impacto desconocido y vectores de ataque relacionados con un incorrecto "sanity check for the color index." (comprobación de validez de un índice de color.). • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html •
CVSS: 7.5EPSS: 1%CPEs: 55EXPL: 1CVE-2008-7068
https://notcve.org/view.php?id=CVE-2008-7068
25 Aug 2009 — The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file. La función dba_replace en PHP v5.2.6 y 4.x permite a atacantes dependientes de contexto producir una denegación de servicio (corte de fichero) a través de una clave con un byte NU... • http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1313&r2=1.2027.2.547.2.1314& • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2009-2687 – php: exif_read_data crash on corrupted JPEG files
https://notcve.org/view.php?id=CVE-2009-2687
05 Aug 2009 — The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. La función exif_read_data en el módulo Exif en PHP anteriores v5.2.10 permite a atacantes remotos causar una denegación de servicio (caída) a través de una imagen JPEG mal formada con campos inválidos en offset, siendo un asunto diferente a CVE-2005-3353. • http://bugs.php.net/bug.php?id=48378 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2009-0754 – PHP 5.2.5 - 'mbstring.func_overload' WebServer Denial of Service
https://notcve.org/view.php?id=CVE-2009-0754
03 Mar 2009 — PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. PHP v4.4.4, v5.1.6, y otras versiones, cuando están ejecutando Apache, permite a usuarios locales modificar el comportamiento de otros sitios hospedados en el mismo servidor web mediante la modificación de la caracterí... • https://www.exploit-db.com/exploits/32769 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.1EPSS: 0%CPEs: 109EXPL: 0CVE-2008-5814 – php: XSS via PHP error messages
https://notcve.org/view.php?id=CVE-2008-5814
02 Jan 2009 — Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208. Vulnerabilidad de Secuencias de Comandos en Sitios Cruzados (XSS) en PHP, posiblemente v5.2.7 y anteriores, cuando display_error está activada, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a trav... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 33EXPL: 3CVE-2008-5498 – PHP 5.2.8 gd library - 'imageRotate()' Information Leak
https://notcve.org/view.php?id=CVE-2008-5498
26 Dec 2008 — Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image. Error de índice de array en la función imageRotate en PHP 5.2.8 y anteriores permite a atacantes dependientes del contexto leer los contenidos de posiciones de memoria de su elección mediante un valor manipulado del tercer argumento (también conocido ... • https://www.exploit-db.com/exploits/7646 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 14%CPEs: 49EXPL: 2CVE-2008-5557 – php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)
https://notcve.org/view.php?id=CVE-2008-5557
23 Dec 2008 — Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions. Desbordamiento de búfer basado en montículo en ext/mbstring/libmbfl/filters/mbfilter_htmlent.c... • http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •