CVE-2009-4142 – PHP 5.2.11 - 'htmlspecialCharacters()' Malformed Multibyte Character Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-4142
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. La función htmlspecialchars en PHP versiones anteriores a v5.2.12 no maneja adecuadamente (1) secuencias UTF-8 demasiado largas, (2) secuencias inválidas Shift_JIS, y (39 secuencias inválidas EUC-JP, permitiendo a atacantes remotos dirigir ataques de secuencias de comandos en sitios cruzados (XSS) poniendo secuencias de bytes modificados antes de un carácter especial. • https://www.exploit-db.com/exploits/33414 https://www.exploit-db.com/exploits/33415 http://bugs.php.net/bug.php?id=49785 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://secunia.com/advisories/37821 http://secunia.com/advisories/38648 http://secunia.com/advisories/40262 http://securitytracker.com/id?1023372 http://support.apple.com/kb/HT4077 http://www.debian.org/security/2010/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-2626 – PHP 5.2.10/5.3.0 - 'ini_restore()' Memory Information Disclosure
https://notcve.org/view.php?id=CVE-2009-2626
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. La función zend_restore_ini_entry_cb en zend_ini.c en PHP v5.3.0, v5.2.10, y anteriores permite a atacantes dependientes del contexto conseguir información sensible (contenidos de memoria) y produce una caída PHP mediante la utilización de la función ini_set para declarar una variable, cuando se utiliza la funcion ini_restore para restaurar la variable. PHP suffers from an ini_restore() related memory information disclosure vulnerability. • https://www.exploit-db.com/exploits/10296 https://www.exploit-db.com/exploits/33162 https://www.exploit-db.com/exploits/33163 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540605 http://secunia.com/advisories/37482 http://securityreason.com/achievement_securityalert/65 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/Zend/zend_ini.c?r1=272370&r2=284156 http://www.debian.org/security/2009/dsa-1940 http://www.securityfocus.com/bid/36009 •
CVE-2009-4018 – Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass
https://notcve.org/view.php?id=CVE-2009-4018
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable. La función proc_open en ext/standard/proc_open.c en PHP anterior a v5.2.11 y v5.3.x anterior a v5.3.1 no aplica adecuadamente las directivas (1) safe_mode_allowed_env_vars y (2) safe_mode_protected_env_vars, lo que permite dependientes del contexto a atacantes ejecutar programas con un entorno de su elección a través del parámetro env, como se ha demostrado por un valor manipulado de la variable del entorno LD_LIBRARY_PATH. • https://www.exploit-db.com/exploits/11636 http://bugs.php.net/bug.php?id=49026 http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://marc.info/?l=oss-security&m=125886770008678&w=2 http://marc.info/?l=oss-security&m=125897935330618&w=2 http://secunia.com/advisories/40262 http://secunia.com/advisories/41480 http://secunia.com/advisories/41490 http://svn.php.net/viewvc/? • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-4017 – PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
https://notcve.org/view.php?id=CVE-2009-4017
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. PHP v5.2.11, y v5.3.x antes de v5.3.1, no restringen el número de archivos temporales creados al manipular una solicitud POST multipart/form-data, lo que permite a atacantes remotos causar una denegación de servicio (por agotamiento de recursos), y facilita a los atacantes remotos aprovecharse de las vulnerabilidades de inclusión de archivos locales, a través de múltiples peticiones, en relación a la falta de apoyo a la directiva max_file_uploads. • https://www.exploit-db.com/exploits/10242 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://news.php.net/php.announce/79 http://seclists.org/fulldisclosure/2009/Nov/228 http://secunia.com/advisories/37482 http://secunia.com/advisories/37821 http://secunia.com/advisories/40262 http://secunia.com/advisories/41480 http://secunia.com/advisories/41490 http://support.apple.com/kb/HT4077 ht • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2009-3558
https://notcve.org/view.php?id=CVE-2009-3558
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file. La función posix_mkfifo de ext/posix/posix.c de PHP v5.2.11 y anteriores, y v5.3.x anteriores a la v5.3.1, permite a atacantes dependiendo del contexto evitar las restricciones open_basedir, y crear ficheros FIFO, a través de los argumentos "pathname" y "mode", como se ha demostrado creando un fichero .htaccess. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://news.php.net/php.announce/79 http://secunia.com/advisories/37412 http://secunia.com/advisories/37821 http://securityreason.com/securityalert/6600 http://support.apple.com/kb/HT4077 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/posix/posix.c?view=log http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/posix/posix.c?view=log http://svn.php.net/viewvc?v • CWE-264: Permissions, Privileges, and Access Controls •