CVSS: 7.5EPSS: 2%CPEs: 110EXPL: 5CVE-2011-1092 – PHP 5.3.6 - 'shmop_read()' Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2011-1092
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. Desbordamiento de entero en ext/shmop/shmop.c en PHP antes de v5.3.6, permite a usuarios locales o remotos provocar una denegación de servicio (caida) y posiblemente leer información sensible de la memoria a través de largos argumentos en la funcion shmop_read • https://www.exploit-db.com/exploits/16966 http://bugs.php.net/bug.php?id=54193 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://securityreason.com/securityalert/8130 http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/shmop/shmop.c?r1=306939&r2=309018&pathrev=309018 http://www.exploit-db.com/exploits/16966 http://www.mandriva.com/secur • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 8%CPEs: 110EXPL: 4CVE-2011-0708 – PHP 'Exif' Extension - 'exif_read_data()' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-0708
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. exif.c en la extensión Exif en PHP anterior a v5.3.6 en plataformas de 64 bits realiza una asociación incorrecta, lo que permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una imagen con una Image File Directory (IFD) que provoca una sobre lectura del búfer. PHP versions 5.3.5 and below are susceptible to a denial of service condition in the Exif extension exif_read_data() function. • https://www.exploit-db.com/exploits/16261 http://bugs.php.net/bug.php?id=54002 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://openwall.com/lists/oss-security/2011&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 69EXPL: 0CVE-2011-0753
https://notcve.org/view.php?id=CVE-2011-0753
Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals. Condición de carrera en la extensión PCNTL en PHP anteriores a 5.3.4, cuando existe un gestor de señal definido por el usuario, podría permitir a atacantes dependiendo del contexto provocar una denegación de servicio (corrupción de memoria) a través de un número de señales muy grande. • http://bugs.php.net/52784 http://www.php.net/ChangeLog-5.php https://exchange.xforce.ibmcloud.com/vulnerabilities/65431 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12271 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.0EPSS: 0%CPEs: 99EXPL: 0CVE-2011-0752
https://notcve.org/view.php?id=CVE-2011-0752
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758. La función Extract en PHP anteriores a v5.2.15 no previenen la utilización del parámetro EXTR_OVERWRITE para sobreescribir (1) la tabla superglobal GLOBALS y (2) la variable this, lo que permite a atacantes dependientes de contexto eludir las restricciones de acceso previsto por la modificación de estructuras de datos que no estaban destinadas a depender de entradas externas, relacionado con CVE-2005-2691 y CVE-2006 3758. • http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://www.openwall.com/lists/oss-security/2010/12/13/4 http://www.php.net/ChangeLog-5.php http://www.php.net/archive/2010.php#id2010-12-10-1 http://www.php.net/releases/5_2_15.php https://exchange.xforce.ibmcloud.com/vulnerabilities/65432 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12016 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 70EXPL: 0CVE-2011-0754
https://notcve.org/view.php?id=CVE-2011-0754
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. La función SplFileInfo::getType PHP Library (SPL) en la extensión en PHP anterior a v5.3.4 en Windows no detecta correctamente los enlaces simbólicos, lo que podría facilitar a los usuarios locales el realizar ataques de enlace simbólico mediante el aprovechamiento de las diferencias entre plataformas en el estructura stat, relacionada con la falta de un control FILE_ATTRIBUTE_REPARSE_POINT. • http://bugs.php.net/51763 http://www.php.net/ChangeLog-5.php https://exchange.xforce.ibmcloud.com/vulnerabilities/65429 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12334 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •