CVE-2010-1128 – PHP 5.3.1 - LCG Entropy Security
https://notcve.org/view.php?id=CVE-2010-1128
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated using the uniqid function.
• https://www.exploit-db.com/exploits/33677 http://secunia.com/advisories/38708 http://secunia.com/advisories/42410 http://www.php.net/ChangeLog-5.php http://www.php.net/releases/5_2_13.php http://www.redhat.com/support/errata/RHSA-2010-0919.html http://www.securityfocus.com/bid/38430 http://www.vupen.com/english/advisories/2010/0479 http://www.vupen.com/english/advisories/2010/3081 https://access.redhat.com/security/cve/CVE-2010-1128 https://bugzilla.redhat& • CWE-310: Cryptographic Issues •
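Why "not the expected entropy" matters in practice: the combined LCG is seeded from the wall clock and the process id, so once a token reveals the second, only the microsecond and the pid are unknown. The model below is an added example written for this page, not PHP's ext/standard/lcg.c and not the exploit-db PoC. It assumes the seeding shape the CVE describes (time and pid only), models uniqid('', true) as seconds and microseconds in hex followed by the LCG output, and replaces the Schrage-style multiplication with plain modular arithmetic (identical for the non-negative 31-bit seeds used here). The scenario values are constructed.

```python
import math

# Added model of PHP's combined LCG (php_combined_lcg in ext/standard/lcg.c)
# and of the pre-5.2.13 seeding the CVE describes. Illustration code written
# for this page, not PHP's source. Assumption: the generator's Schrage-style
# MODMULT is replaced by plain modular multiplication, which gives identical
# results for the non-negative 31-bit seeds produced below.
M1, M2 = 2147483563, 2147483399      # L'Ecuyer combined-LCG moduli
A1, A2 = 40014, 40692                # and multipliers
SCALE = 4.656613e-10                 # PHP's scaling of z into [0, 1)


def lcg_seed(sec, usec, pid):
    """Seed from wall clock and pid only, as the vulnerable versions did."""
    return (sec ^ (usec << 11), pid)


def lcg_step(state):
    """One generator step: returns (new_state, z) with z in [1, M1 - 1]."""
    s1, s2 = state
    s1 = (A1 * s1) % M1
    s2 = (A2 * s2) % M2
    z = s1 - s2
    if z < 1:
        z += M1 - 1
    return (s1, s2), z


def uniqid_more_entropy(sec, usec, state):
    """Model of uniqid('', true): 8 hex digits of seconds, 5 hex digits of
    microseconds, then the LCG output times ten printed with 8 decimals."""
    state, z = lcg_step(state)
    return "%08x%05x%.8F" % (sec, usec, z * SCALE * 10), state


def seed_space_bits(seconds_unknown, pid_values):
    """Bits an attacker must search: seconds x microseconds x pid values."""
    return math.log2(seconds_unknown * 1_000_000 * pid_values)


def recover_seed(token, pid_range, usec_window):
    """Brute-force the (sec, usec, pid) seed behind a uniqid(more_entropy)
    token, assuming (for this demonstration) that the generator was seeded
    in the same second, at most usec_window microseconds before the token
    was produced, and that the pid lies in pid_range."""
    sec = int(token[:8], 16)
    usec = int(token[8:13], 16)
    hits = []
    for pid in pid_range:
        for seed_usec in range(max(0, usec - usec_window), usec + 1):
            state = lcg_seed(sec, seed_usec, pid)
            candidate, _ = uniqid_more_entropy(sec, usec, state)
            if candidate == token:
                hits.append((sec, seed_usec, pid))
    return hits


if __name__ == "__main__":
    # Constructed scenario: a process seeded at 1262304000.123400 with pid 4321
    # produces a token 56 microseconds later.
    token, _ = uniqid_more_entropy(1262304000, 123456,
                                   lcg_seed(1262304000, 123400, 4321))
    print("token:", token)
    print("seed space with the second known: %.1f bits" % seed_space_bits(1, 32768))
    print("recovered:", recover_seed(token, range(4000, 4500), 100))
```

With the second known, a 32768-pid space and a microsecond clock give about 35 bits, and every bit an attacker can bound further (a narrow pid range, a small window between seeding and the token) shrinks the search to what the loop above finishes in a fraction of a second. That search space, not any flaw in the LCG arithmetic itself, is what the CVE means by insufficient entropy.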
CVE-2009-4418
https://notcve.org/view.php?id=CVE-2009-4418
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.
• http://www.suspekt.org/2009/11/28/shocking-news-in-php-exploitation http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf • CWE-189: Numeric Errors •
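The nesting attack the description outlines, as an added Python model written for this page (it is not PHP's var_unserializer.c and not the suspekt.org proof of concept): a minimal parser for the integer-and-array subset of PHP's serialization format, run once without a nesting limit and once with one. The payload builder produces the a:1:{i:0;a:1:{i:0;... shape the CVE describes; the depth at which the unbounded parser gives up is the interpreter's recursion limit, standing in for the resource exhaustion in PHP.

```python
# Added model of a recursive-descent unserialize() for the "i:" and "a:"
# forms only; illustration code for this page, not PHP's implementation.


class DepthError(ValueError):
    """Raised when the input nests deeper than the caller allowed."""


def nested_payload(depth):
    """a:1:{i:0;a:1:{i:0; ... i:1; ... }} nested `depth` levels deep."""
    return "a:1:{i:0;" * depth + "i:1;" + "}" * depth


def parse(data, max_depth=None):
    """Parse one serialized value; max_depth=None means no limit."""
    value, pos = _parse_value(data, 0, 0, max_depth)
    if pos != len(data):
        raise ValueError("trailing data at offset %d" % pos)
    return value


def _parse_value(data, pos, depth, max_depth):
    if max_depth is not None and depth > max_depth:
        raise DepthError("nesting deeper than %d" % max_depth)
    tag = data[pos]
    if tag == "i":                               # i:<int>;
        end = data.index(";", pos)
        return int(data[pos + 2:end]), end + 1
    if tag == "a":                               # a:<count>:{key;value...}
        colon = data.index(":", pos + 2)
        count = int(data[pos + 2:colon])
        pos = colon + 2                          # skip ":{"
        result = {}
        for _ in range(count):
            key, pos = _parse_value(data, pos, depth + 1, max_depth)
            result[key], pos = _parse_value(data, pos, depth + 1, max_depth)
        if data[pos] != "}":
            raise ValueError("expected } at offset %d" % pos)
        return result, pos + 1
    raise ValueError("unsupported tag %r at offset %d" % (tag, pos))


def try_parse(data, max_depth=None):
    """Outcome label so the two behaviours can be compared side by side."""
    try:
        parse(data, max_depth)
        return "parsed"
    except DepthError:
        return "rejected: depth limit"
    except RecursionError:
        return "crashed: interpreter stack exhausted"


if __name__ == "__main__":
    hostile = nested_payload(5000)               # constructed attacker input
    print("no limit:", try_parse(hostile))
    print("max_depth=64:", try_parse(hostile, max_depth=64))
    print("benign:", parse("a:2:{i:0;i:5;i:1;a:1:{i:0;i:7;}}"))
```

The limited parser fails at level 65 after reading a few hundred bytes, whereas the unlimited one does work proportional to the nesting before it dies. The practical rule the example illustrates is the usual one: never unserialize() attacker-controlled data, and where a nested format must be parsed, cap the depth up front rather than relying on the runtime to fail safely.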
CVE-2009-4143
https://notcve.org/view.php?id=CVE-2009-4143
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://secunia.com/advisories/37821 http://secunia.com/advisories/38648 http://secunia.com/advisories/40262 http://secunia.com/advisories/41480 http://secunia.com/advisories/41490 http://support.apple.com/kb/HT4077 http://www.debian.org/security/2010/dsa-2001 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 http://ww •
CVE-2009-4142 – PHP 5.2.11 - 'htmlspecialchars()' Malformed Multibyte Character Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-4142
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
• https://www.exploit-db.com/exploits/33414 https://www.exploit-db.com/exploits/33415 http://bugs.php.net/bug.php?id=49785 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://secunia.com/advisories/37821 http://secunia.com/advisories/38648 http://secunia.com/advisories/40262 http://securitytracker.com/id?1023372 http://support.apple.com/kb/HT4077 http://www.debian.org/security/2010/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
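How a "crafted byte sequence before a special character" defeats an escaper, as an added Python model written for this page (not PHP's ext/standard/html.c, and not the exploit-db PoCs). The escaper walks its input one character at a time, as htmlspecialchars does, replacing single-byte specials and copying multibyte sequences through untouched. The "lenient" decoder reconstructs the failure class from the CVE text: it accepts overlong UTF-8 forms and does not check Shift_JIS trail bytes (EUC-JP is the same trail-byte class and is omitted). The "strict" decoder models the fixed behaviour. The exact state machine PHP used is an assumption; the sample inputs are constructed.

```python
# Added model of a multibyte-aware htmlspecialchars(); illustration code
# for this page, not PHP's implementation.
SPECIAL = {0x26: b"&amp;", 0x22: b"&quot;", 0x27: b"&#039;",
           0x3C: b"&lt;", 0x3E: b"&gt;"}


def _utf8_char(data, pos, strict):
    """Length of the UTF-8 sequence at pos, or 0 if it is invalid."""
    c = data[pos]
    if c < 0x80:
        return 1
    if 0xC0 <= c <= 0xDF:
        n, minimum = 2, 0x80
    elif 0xE0 <= c <= 0xEF:
        n, minimum = 3, 0x800
    elif 0xF0 <= c <= 0xF7:
        n, minimum = 4, 0x10000
    else:
        return 0                       # stray continuation byte or 0xF8+
    if pos + n > len(data):
        return 0
    trail = data[pos + 1:pos + n]
    if any(not 0x80 <= b <= 0xBF for b in trail):
        return 0
    if strict:                         # the fix: reject non-shortest forms
        cp = c & (0x3F >> (n - 1))
        for b in trail:
            cp = (cp << 6) | (b & 0x3F)
        if cp < minimum or cp > 0x10FFFF:
            return 0
    return n                           # lenient: overlong C0 BC is "valid"


def _shift_jis_char(data, pos, strict):
    """Length of the Shift_JIS character at pos, or 0 if it is invalid."""
    c = data[pos]
    if c < 0x80 or 0xA1 <= c <= 0xDF:  # ASCII or half-width katakana
        return 1
    if not (0x81 <= c <= 0x9F or 0xE0 <= c <= 0xFC):
        return 0
    if pos + 2 > len(data):
        return 0
    if strict:                         # the fix: validate the trail byte
        t = data[pos + 1]
        if not (0x40 <= t <= 0xFC and t != 0x7F):
            return 0
    return 2                           # lenient: whatever follows is swallowed


DECODERS = {"utf-8": _utf8_char, "shift_jis": _shift_jis_char}


def escape(data, charset, strict=True):
    """htmlspecialchars-like escaper over bytes. Single-byte specials are
    replaced, multibyte sequences are copied verbatim, and an invalid
    sequence fails the whole call (None) rather than leaking bytes."""
    next_char = DECODERS[charset]
    out = bytearray()
    pos = 0
    while pos < len(data):
        n = next_char(data, pos, strict)
        if n == 0:
            return None
        if n == 1 and data[pos] in SPECIAL:
            out += SPECIAL[data[pos]]
        else:
            out += data[pos:pos + n]
        pos += n
    return bytes(out)


if __name__ == "__main__":
    # Constructed attacker inputs: an overlong '<' and a bare Shift_JIS lead.
    for charset, payload in (("utf-8", b"\xc0\xbcscript"),
                             ("shift_jis", b"\x81<script>")):
        print(charset, "lenient:", escape(payload, charset, strict=False))
        print(charset, "strict: ", escape(payload, charset, strict=True))
```

In the lenient run the UTF-8 bytes C0 BC pass through because they are not literally 0x3C, even though a decoder that tolerates overlong forms renders them as '<'; in Shift_JIS the lead byte 0x81 claims the following '<' as its trail byte, so the escaper never looks at it while a browser that rejects the pair still sees the '<'. The strict decoder turns both into a decoding failure before any byte is emitted, which is the only safe outcome: an escaper must never copy a sequence it could not fully validate.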
CVE-2009-2626 – PHP 5.2.10/5.3.0 - 'ini_restore()' Memory Information Disclosure
https://notcve.org/view.php?id=CVE-2009-2626
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. PHP suffers from an ini_restore() related memory information disclosure vulnerability.
• https://www.exploit-db.com/exploits/10296 https://www.exploit-db.com/exploits/33162 https://www.exploit-db.com/exploits/33163 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540605 http://secunia.com/advisories/37482 http://securityreason.com/achievement_securityalert/65 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/Zend/zend_ini.c?r1=272370&r2=284156 http://www.debian.org/security/2009/dsa-1940 http://www.securityfocus.com/bid/36009 •