CVE-2010-3436
https://notcve.org/view.php?id=CVE-2010-3436
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. fopen_wrappers.c en PHP v5.3.x hasta v5.3.3 podría permitir a atacantes remotos evitar las restricciones open_basedir a través de vectores relativos a la longitud del nombre de usuario. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://secunia.com/advisories/42729 http://secunia.com/advisories/42812 http://security-tracker.debian.org/tracker/CVE-2010-3436 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619 http://support.apple.com/kb/HT4581 http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc/php/php-src • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-3709 – PHP 5.3.3/5.2.14 - ZipArchive::getArchiveComment Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2010-3709
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. La función ZipArchive::getArchiveCommen en PHP v5.2.x hasta v5.2.14 y v5.3.3 hasta v5.3.x permite a atacantes dependientes de contexto para provocar una denegación de servicio (desreferencia a puntero NULL y caída de la aplicación) a través de un archivo ZIP manipulado. PHP versions 5.3.3 and 5.2.14 suffer from a ZipArchive::getArchiveComment NULL pointer dereference vulnerability. • https://www.exploit-db.com/exploits/15431 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://marc.info/?l=bugtraq&m=130331363227777&w=2 http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://secunia.com/advisories/42729 http://secunia.com/advisories/42812 http://securityreason.com/achievement_s • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVE-2010-3710 – php: DoS in filter_var() via long email string
https://notcve.org/view.php?id=CVE-2010-3710
Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. Vulnerabilidad de consumo de pila en la función filter_var en PHP v5.2.x hasta v5.2.14 y v5.3.x hasta v5.3.3, cuando está activado el modo FILTER_VALIDATE_EMAIL, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída de la aplicación) a través del una cadena e-mail larga. • http://bugs.php.net/bug.php?id=52929 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://secunia.com/advisories/42812 http://secunia.com/advisories/43189 http://support.appl • CWE-399: Resource Management Errors •
CVE-2010-2950 – php: Format string flaw in phar extension via phar_stream_flush() (MOPS-2010-024)
https://notcve.org/view.php?id=CVE-2010-2950
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094. Vulnerabilidad de formato de cadena en stream.c en la extensión phar en PHP v5.3.x hasta v5.3.3 permite a atacantes dependientes del contexto obtener información sensible (contenidos de memoria) y probablemente ejecutar código de su elección a través de URI phar:// manipuladas que no manejan adecuadamente por la función har_stream_flush, dando lugar a errores en la función php_stream_wrapper_log_error. NOTA: Esta vulnerabilidad existe por una solución incompleta para CVE-2010-2094. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=bugtraq&m=130331363227777&w=2 http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/index.html http://security-tracker.debian.org/tracker/CVE-2010-2950 http://support.apple.com/kb/HT4581 http://svn.php.net/viewvc?view=revision&revision=302565 http://www.mandriva.com/secu • CWE-134: Use of Externally-Controlled Format String •
CVE-2010-3064
https://notcve.org/view.php?id=CVE-2010-3064
Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function. Desbordamiento de búfer basado en pila en la función php_mysqlnd_auth_write en la extensión Mysqlnd en PHP v5.3 hasta v5.3.2 permite dependiendo del contexto a atacantes provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de un 1) nombre de usuario o (2) argumento de nombre de base de datos a (a) mysql_connect o (b) mysqli_connect function largo. • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://php-security.org/2010/05/31/mops-2010-059-php-php_mysqlnd_auth_write-stack-buffer-overflow-vulnerability/index.html http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703 http://svn.php.net/viewvc?view=revision&revision=298703 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •