Page 49 of 245 results (0.013 seconds)

CVSS: 5.0EPSS: 1%CPEs: 28EXPL: 0

CVE-2011-4078

https://notcve.org/view.php?id=CVE-2011-4078

include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379. inclinclude/iniset.php en Roundcube Webmail v0.5.4 y anteriores, cuando PHP v5.3.7 o v5.3.8 se utiliza, permite a atacantes remotos provocar una solicitud GET para una dirección arbitraria, y provocar una denegación de servicio (consumo de recursos y la interrupción de la bandeja de entrada), a través de un encabezado de asunto que sólo contiene una URL, un asunto relacionado con CVE-2011-3379. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://openwall.com/lists/oss-security/2011/10/26/6 http://trac.roundcube.net/ticket/1488086 http://www.securityfocus.com/bid/50402 https://exchange.xforce.ibmcloud.com/vulnerabilities/71025 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 1

CVE-2011-3189

https://notcve.org/view.php?id=CVE-2011-3189

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483. La función de cifrado en PHP v5.3.7, cuando el tipo de hash MD5 se utiliza, se devuelve el valor del argumento en vez de la cadena hash, lo que podría permitir a atacantes remotos evitar la autenticación a través de una contraseña arbitraria, una vulnerabilidad diferente a CVE-2011-2483. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://osvdb.org/74726 http://secunia.com/advisories/45678 http://support.apple.com/kb/HT5130 http://www.openwall.com/lists/oss-security/2011/08/23/4 http://www.php.net/ChangeLog-5.php#5.3.8 http://www.php.net/archive/2011.php#id2011-08-23-1 https://bugs.gentoo.org/show_bug.cgi?id=380261 https://bugs.php.net/bug.php?id=55439 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 1%CPEs: 76EXPL: 0

CVE-2007-1888

https://notcve.org/view.php?id=CVE-2007-1888

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API. Un desbordamiento de búfer en la función sqlite_decode_binary en el archivo src/encode.c en SQLite versión 2, tal como es utilizado por PHP versión 4.x hasta 5.x y otras aplicaciones, permite a los atacantes dependiendo del contexto ejecutar código arbitrario por medio de un valor vacío del parámetro in. NOTA: algunas instalaciones PHP utilizan una versión empaquetada de sqlite sin esta vulnerabilidad. • http://osvdb.org/39177 http://secunia.com/advisories/25057 http://www.attrition.org/pipermail/vim/2007-April/001540.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:091 http://www.php-security.org/MOPB/MOPB-41-2007.html http://www.sqlite.org/cvstrac/rlog?f=sqlite/src/encode.c http://www.ubuntu.com/usn/usn-455-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/38518 •

CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 2

CVE-2007-1287 – PHP 4.4.3 < 4.4.6 - 'PHPinfo()' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2007-1287

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. Un error de regresión en la función phpinfo de PHP 4.4.3 a 4.4.6, y PHP 6.0 en CVS, permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) mediante valores en los vectores GET, POST, o COOKIE, los cuales no son "escapados" en la salida de phpinfo, como fue originalmente apuntado en CVE-2005-3388. • https://www.exploit-db.com/exploits/3405 http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://us2.php.net/releases/4_4_7.php http://www.osvdb.org/32774 http://www.php-security.org/MOPB/MOPB-08-2007.html http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 •

CVSS: 9.3EPSS: 5%CPEs: 85EXPL: 0

CVE-2006-3017

https://notcve.org/view.php?id=CVE-2006-3017

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21031 http://secunia.com/advisories/21050 •