CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 5CVE-2010-2100
https://notcve.org/view.php?id=CVE-2010-2100
27 May 2010 — The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, y (6) strtr en PHP v5.2 hasta v5.2.13 y v5.... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 6CVE-2010-2101
https://notcve.org/view.php?id=CVE-2010-2101
27 May 2010 — The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, y (6) str_pad functions en PHP v5.2 a la v5.2.13 y v5.3 a la v5.3.2, ... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2010-1915
https://notcve.org/view.php?id=CVE-2010-1915
12 May 2010 — The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. La función preg_quote en PHP v5.2 hasta v.5.2.13 y v5.3 hasta v.5.3.2 permite a atacantes, dependiendo del contexto o... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 3CVE-2010-1914
https://notcve.org/view.php?id=CVE-2010-1914
12 May 2010 — The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. Zend Engine en PHP v5.2 hasta v5.2.13 y v5.3 hasta 5.3.2 permite a atacantes, dependiendo del contexto obtener información sensible interrumpiendo el manejador para... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 1CVE-2010-1917 – php: fnmatch long pattern stack memory exhaustion (MOPS-2010-021)
https://notcve.org/view.php?id=CVE-2010-1917
12 May 2010 — Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string. Una vulnerabilidad de consumo de pila en PHP v5.2 a v5.2.13 y v5.3 a través de v5.3.2 permite provocar, a determinados atacantes, según el contexto, una denegación de servicio (fallo de PHP) a través de un argumento modificado a la función fnmatch, como se demuestr... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1868
https://notcve.org/view.php?id=CVE-2010-1868
07 May 2010 — The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. Las funciones (1) sqlite_single_query y (2) sqlite_array_query en ext/sqlite/sqlite.c en PHP v5.2 hasta v5.2.13 y 5.3 hasta v5.3.2 permiten a atacantes, dependiendo del contexto, ejecutar código de su elección mediant... • http://php-security.org/2010/05/07/mops-2010-012-php-sqlite_single_query-uninitialized-memory-usage-vulnerability/index.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1860
https://notcve.org/view.php?id=CVE-2010-1860
07 May 2010 — The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature. La función html_entity_decode en PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependiendo del contexto obtener información sensible (contenido de memoria) o provocar una corrupción de memoria... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1862
https://notcve.org/view.php?id=CVE-2010-1862
07 May 2010 — The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. La función chunk_split en PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependiendo del contexto obtener información sensible (contenido de memoria) provocando una interrupción del espacio de usuario de una función interna, ... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1864
https://notcve.org/view.php?id=CVE-2010-1864
07 May 2010 — The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. La función addcslashes en PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependiendo del contexto obtener información sensible (contenido de memoria) provocando una interrupción de espacio de usuario en una función interna, r... • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 3%CPEs: 7EXPL: 2CVE-2010-1866 – PHP 5.3 - 'PHP_dechunk()' HTTP Chunked Encoding Integer Overflow
https://notcve.org/view.php?id=CVE-2010-1866
07 May 2010 — The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. El filtro dechunk en PHP 5.3 hasta v.5.3.2, cuando se decodifica un cadena HTTP fragmentada, permite a atacantes depediendo del contexto provocar una denegación de servicio (caída) y posib... • https://www.exploit-db.com/exploits/33920 • CWE-190: Integer Overflow or Wraparound •