CVE-2009-4017 – PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
https://notcve.org/view.php?id=CVE-2009-4017
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. • https://www.exploit-db.com/exploits/10242 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://news.php.net/php.announce/79 http://seclists.org/fulldisclosure/2009/Nov/228 http://secunia.com/advisories/37482 http://secunia.com/advisories/37821 http://secunia.com/advisories/40262 http://secunia.com/advisories/41480 http://secunia.com/advisories/41490 http://support.apple.com/kb/HT4077 ht • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2009-2687 – php: exif_read_data crash on corrupted JPEG files
https://notcve.org/view.php?id=CVE-2009-2687
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. • http://bugs.php.net/bug.php?id=48378 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://osvdb.org/55222 http://secunia.com/advisories/35441 http://secunia.com/advisories/36462 http://secunia.com/advisories/37482 http://secunia.com/advisories/40262 http://www.debian.org/security/2009/dsa-1940 http://www.mandriva.com/security/advisories?name=MDVSA-2009:145 http://www.mandriva.com/security • CWE-20: Improper Input Validation •
CVE-2007-1287 – PHP 4.4.3 < 4.4.6 - 'PHPinfo()' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1287
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. • https://www.exploit-db.com/exploits/3405 http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://us2.php.net/releases/4_4_7.php http://www.osvdb.org/32774 http://www.php-security.org/MOPB/MOPB-08-2007.html http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 •
CVE-2006-3017
https://notcve.org/view.php?id=CVE-2006-3017
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21031 http://secunia.com/advisories/21050 •
CVE-2005-2075 – PHP-Fusion 6.00.105 - Accessible Database Backups Download
https://notcve.org/view.php?id=CVE-2005-2075
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0. • https://www.exploit-db.com/exploits/1068 http://dark-assassins.com/forum/viewtopic.php?t=142 http://secunia.com/advisories/15830 http://www.vupen.com/english/advisories/2005/0888 •