CVSS: 7.5EPSS: 1%CPEs: 104EXPL: 0CVE-2011-1153
https://notcve.org/view.php?id=CVE-2011-1153
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. Múltiples vulnerabilidades de formato de cadena en phar_object.c en la extensión phar en PHP v5.3.5 y anteriores, permite a atacantes dependiendo del contexto, obtener información sensible de los procesos de memoria, provocar una denegación de servicio (corrupción de memoria), o posiblemente ejecutar código arbitrario a través de las especificaciones de cadena en el argumento del método de class, anterior a una llamada zend_throw_exception_ex incorrecta. • http://bugs.php.net/bug.php?id=54247 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html http://openwall.com/lists/oss-security/2011/03/14/13 http://openwall.com/lists/oss-security/2011/03/14/14 http://openwall.com/list • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 2%CPEs: 110EXPL: 5CVE-2011-1092 – PHP 5.3.6 - 'shmop_read()' Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2011-1092
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. Desbordamiento de entero en ext/shmop/shmop.c en PHP antes de v5.3.6, permite a usuarios locales o remotos provocar una denegación de servicio (caida) y posiblemente leer información sensible de la memoria a través de largos argumentos en la funcion shmop_read • https://www.exploit-db.com/exploits/16966 http://bugs.php.net/bug.php?id=54193 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://securityreason.com/securityalert/8130 http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/shmop/shmop.c?r1=306939&r2=309018&pathrev=309018 http://www.exploit-db.com/exploits/16966 http://www.mandriva.com/secur • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 8%CPEs: 110EXPL: 4CVE-2011-0708 – PHP 'Exif' Extension - 'exif_read_data()' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-0708
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. exif.c en la extensión Exif en PHP anterior a v5.3.6 en plataformas de 64 bits realiza una asociación incorrecta, lo que permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una imagen con una Image File Directory (IFD) que provoca una sobre lectura del búfer. PHP versions 5.3.5 and below are susceptible to a denial of service condition in the Exif extension exif_read_data() function. • https://www.exploit-db.com/exploits/16261 http://bugs.php.net/bug.php?id=54002 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://openwall.com/lists/oss-security/2011&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 5CVE-2011-0420 – PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2011-0420
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. La función grapheme_extract en la extensión de Internacionalización (Intl) para ICU para PHP v5.3.5 permite provocar una denegación de servicio (con caída de la aplicación) a atacantes dependientes del contexto a través de un argumento de tamaño no válido, lo que provoca una desreferencia de puntero NULL. PHP version 5.2.5 suffers from a grapheme_extract() null pointer dereference vulnerability. • https://www.exploit-db.com/exploits/16182 https://www.exploit-db.com/exploits/35354 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://securityreason.com/achievement_securityalert/94 http://securityreason.com/securityalert/8087 http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449 http://www.debian.org/security/2011/dsa-2266 http://www.exploit-db.com& •
CVSS: 4.4EPSS: 0%CPEs: 70EXPL: 0CVE-2011-0754
https://notcve.org/view.php?id=CVE-2011-0754
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. La función SplFileInfo::getType PHP Library (SPL) en la extensión en PHP anterior a v5.3.4 en Windows no detecta correctamente los enlaces simbólicos, lo que podría facilitar a los usuarios locales el realizar ataques de enlace simbólico mediante el aprovechamiento de las diferencias entre plataformas en el estructura stat, relacionada con la falta de un control FILE_ATTRIBUTE_REPARSE_POINT. • http://bugs.php.net/51763 http://www.php.net/ChangeLog-5.php https://exchange.xforce.ibmcloud.com/vulnerabilities/65429 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12334 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •