CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 1CVE-2010-1917 – php: fnmatch long pattern stack memory exhaustion (MOPS-2010-021)
https://notcve.org/view.php?id=CVE-2010-1917
12 May 2010 — Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string. Una vulnerabilidad de consumo de pila en PHP v5.2 a v5.2.13 y v5.3 a través de v5.3.2 permite provocar, a determinados atacantes, según el contexto, una denegación de servicio (fallo de PHP) a través de un argumento modificado a la función fnmatch, como se demuestr... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1868
https://notcve.org/view.php?id=CVE-2010-1868
07 May 2010 — The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. Las funciones (1) sqlite_single_query y (2) sqlite_array_query en ext/sqlite/sqlite.c en PHP v5.2 hasta v5.2.13 y 5.3 hasta v5.3.2 permiten a atacantes, dependiendo del contexto, ejecutar código de su elección mediant... • http://php-security.org/2010/05/07/mops-2010-012-php-sqlite_single_query-uninitialized-memory-usage-vulnerability/index.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1860
https://notcve.org/view.php?id=CVE-2010-1860
07 May 2010 — The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature. La función html_entity_decode en PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependiendo del contexto obtener información sensible (contenido de memoria) o provocar una corrupción de memoria... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1862
https://notcve.org/view.php?id=CVE-2010-1862
07 May 2010 — The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. La función chunk_split en PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependiendo del contexto obtener información sensible (contenido de memoria) provocando una interrupción del espacio de usuario de una función interna, ... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1864
https://notcve.org/view.php?id=CVE-2010-1864
07 May 2010 — The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. La función addcslashes en PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependiendo del contexto obtener información sensible (contenido de memoria) provocando una interrupción de espacio de usuario en una función interna, r... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1861
https://notcve.org/view.php?id=CVE-2010-1861
07 May 2010 — The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource. La extensión sysvshm para PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependiendo del contexto escribir sobre direcciones de memoria de su elección utilizando un objeto función _sleep para interrumpir una lla... • http://php-security.org/2010/05/05/mops-2010-009-php-shm_put_var-already-freed-resource-access-vulnerability/index.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 0CVE-2010-1129
https://notcve.org/view.php?id=CVE-2010-1129
26 Mar 2010 — The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function. La implementación de safe_mode en PHP anteriores a v5.2.13 no manejan de forma adecuada las rutas de los nombres de directorios que no tienen un carácter "/" (barra), lo que permite a usuarios dependiendo del contexto saltarse las restriccione... • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 13EXPL: 2CVE-2010-1128 – PHP 5.3.1 - LCG Entropy Security
https://notcve.org/view.php?id=CVE-2010-1128
26 Mar 2010 — The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function. El Linear Congruential Generator (LCG) en PHP anteriores a v5.2.13 no provee la entropía esperada, lo que hace más fácil para atacantes dependiendo del contexto adivinar valores que deberían ser impredecibles, como se demostró ... • https://www.exploit-db.com/exploits/33677 • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 1%CPEs: 35EXPL: 2CVE-2010-1130 – PHP 5.3.1 - 'session_save_path() Safe_mode()' Restriction Bypass Exploiot
https://notcve.org/view.php?id=CVE-2010-1130
26 Mar 2010 — session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot). session.c en la extesión session en PHP anteriores a v5.2.13, y v5.3.1, no interpreta de forma adecuada los carácteres ";" en el argumento sobre la función sessi... • https://www.exploit-db.com/exploits/33625 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-4418
https://notcve.org/view.php?id=CVE-2009-4418
24 Dec 2009 — The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences. La función deserializada (unserialize) en PHP 5.3.0 y anteriores permite a atacantes dependientes del contexto causar una denegación de servicio (consumo de recursos) a través una variables anidadas profundamente, como queda demostrada con una cadena i... • http://www.suspekt.org/2009/11/28/shocking-news-in-php-exploitation • CWE-189: Numeric Errors •