CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 1CVE-2010-3065 – php: session serializer session data injection vulnerability (MOPS-2010-060)
https://notcve.org/view.php?id=CVE-2010-3065
20 Aug 2010 — The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name. El serializador de sesión por defecto en PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 no maneja adecuadamente PS_UNDEF_MARKER marker, lo que permite dependiendo del contexto a atacantes modificar variables de sesión de su elección a través de un nombre de variable d... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 3%CPEs: 17EXPL: 1CVE-2010-2225
https://notcve.org/view.php?id=CVE-2010-2225
23 Jun 2010 — Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function. Vulnerabilidad de uso después de la liberación (Use-after-free) en deserializador SplObjectStorage en PHP v5.2.x y v5.3.x hasta v5.3.2 permite a atacantes remotos ejecutar código de su elección u obtener información sensible a través de datos serializados, relacion... • http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 2CVE-2010-2190
https://notcve.org/view.php?id=CVE-2010-2190
07 Jun 2010 — The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) trim, (2) ltrim, (3) rtrim, y (4) substr_replace en PHP v5.2 a v5.2.13 y v5.3 a v5.3.2 permiten obtener a atacantes información sensible variable en función del contexto (el conten... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 7CVE-2010-2191
https://notcve.org/view.php?id=CVE-2010-2191
07 Jun 2010 — The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature. Las funcion... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 3CVE-2010-2097
https://notcve.org/view.php?id=CVE-2010-2097
27 May 2010 — The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode en PHP v5.2 a la v5.2.13 y v5.3 a la v5.3.2, permiten a atacantes dependientes del contexto obtener infor... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2010-2093
https://notcve.org/view.php?id=CVE-2010-2093
27 May 2010 — Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs. Vulnerabilidad de uso despues de liberacion en la funcionalidad de petición shutdown en PHP v5.2 anterior v5.2.13 y v5.3 anterior v5.3.2 permite a atacantes dependientes del contexto causar una denegación de servicio (caída) a través de una estructura cad... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 6CVE-2010-2094 – PHP 5.3.x < 5.3.2 - 'ext/phar/stream.c' / 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2094
27 May 2010 — Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_... • https://www.exploit-db.com/exploits/33988 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 5CVE-2010-2100
https://notcve.org/view.php?id=CVE-2010-2100
27 May 2010 — The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, y (6) strtr en PHP v5.2 hasta v5.2.13 y v5.... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 6CVE-2010-2101
https://notcve.org/view.php?id=CVE-2010-2101
27 May 2010 — The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, y (6) str_pad functions en PHP v5.2 a la v5.2.13 y v5.3 a la v5.3.2, ... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2010-1915
https://notcve.org/view.php?id=CVE-2010-1915
12 May 2010 — The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. La función preg_quote en PHP v5.2 hasta v.5.2.13 y v5.3 hasta v.5.3.2 permite a atacantes, dependiendo del contexto o... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •