CVSS: 5.0EPSS: 0%CPEs: 108EXPL: 1CVE-2006-7243 – php: paths with NULL character were considered valid
https://notcve.org/view.php?id=CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. PHP anterior a v5.3.4 acepta el caracter \0 en un nombre de ruta, lo que podría permitir a atacantes dependientes de contexto eludir las restricciones de acceso colocando una extensión de archivo después de este caracter, como se demuestra con .php\0.jpg al final del argumento de la función file_exists. • http://bugs.php.net/39863 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://marc.info/?l=bugtraq&m=132871655717248&w=2 http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://openwall.com/lists/oss-security/2010/11/18&# • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 5.0EPSS: 2%CPEs: 69EXPL: 2CVE-2010-4409 – PHP 5.3.3 - NumberFormatter::getSymbol Integer Overflow
https://notcve.org/view.php?id=CVE-2010-4409
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. Desbordamienteo de entero en la función NumberFormatter::getSymbol (numfmt_get_symbol) de PHP 5.3.3 y versiones anteriores. Permite a atacantes dependiendo del contexto provocar una denegación de servicio (caída de la aplicación) a través de un argumento inválido. PHP version 5.3.3 suffers from a NumberFormatter::getSymbol integer overflow vulnerability. • https://www.exploit-db.com/exploits/15722 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html http://secunia.com/advisories/42812 http://secunia.com/advisories/47674 http://support.apple.com/kb/HT4581 http://svn.php.net/viewvc/php/php-src& • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 1%CPEs: 14EXPL: 0CVE-2010-4150
https://notcve.org/view.php?id=CVE-2010-4150
Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Doble vulnerabilidad en la función imap_do_open en la extensión IMAP (ext/IMAP/php_imap.c) en PHP v5.2 antes de v5.2.15 y v5.3 antes de v5.3.4 permite a atacantes provocar una denegación de servicio (por corrupción de memoria) o posiblemente ejecutar código de su elección a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://secunia.com/advisories/42729 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619 http://support.apple.com/kb/HT4581 http://svn.php.net/viewvc?view=revision&am • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 88EXPL: 3CVE-2009-5016 – php: XSS and SQL injection bypass via crafted overlong UTF-8 encoded string
https://notcve.org/view.php?id=CVE-2009-5016
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. Desbordamiento de enteros en xml_utf8_decode function in ext/xml/xml.c in PHP anterior v5.2.11 hace fácil para atacantes remotos superar los mecanismos de protección de secuencia de comandos en sitios cruzados (XSS) e inyección SQL a través de cadenas manipuladas que usa una codificación UTF-8 demasiado larga, una vulnerabilidad diferente que CVE-2010-3870. • http://bugs.php.net/bug.php?id=49687 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://secunia.com/advisories/42410 http://secunia.com/advisories/42812 http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf http://www.redhat.com/support/errata/RHSA-20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 7CVE-2010-3870 – PHP 5.3.2 - 'xml_utf8_decode()' UTF-8 Input Validation
https://notcve.org/view.php?id=CVE-2010-3870
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. La función utf8_decode en PHP anterior v5.3.4 no maneja adecuadamente la codificación UTF-8 corta y las secuencias malformadas en los datos UTF-8, lo que hace fácil para los atacantes remotos superar los mecanismos de protección en la secuencia de comandos en sitios cruzados (XSS) e inyección de SQL a través de cadenas manipuladas. • https://www.exploit-db.com/exploits/34950 http://bugs.php.net/bug.php?id=48230 http://bugs.php.net/bug.php?id=49687 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http:&# • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •