Page 55 of 294 results (0.008 seconds)

CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 3

CVE-2010-2097

https://notcve.org/view.php?id=CVE-2010-2097

The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode en PHP v5.2 a la v5.2.13 y v5.3 a la v5.3.2, permiten a atacantes dependientes del contexto obtener información sensible (contenido de la memoria) provocando una interrupción del espacio de usuario de una función interna. Relacionado con la llamada por referencia de la funcionalidad "time pass". • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/18/mops-2010-034- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 5

CVE-2010-2100

https://notcve.org/view.php?id=CVE-2010-2100

The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, y (6) strtr en PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependientes del contexto obtener información sensible (contenidos de memoria) provocando una interrupción del espacio de usuario de una función interna, relativo a la característica paso de tiempo de llamada por referencia. • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/21/mops-20 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 6

CVE-2010-2101

https://notcve.org/view.php?id=CVE-2010-2101

The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, y (6) str_pad functions en PHP v5.2 a la v5.2.13 y v5.3 a la v5.3.2, permiten a atacantes dependientes del contexto obtener información sensible (contenido de la memoria) provocando una interrupción de una función externa. Relacionado con la llamada por referencia de la funcionalidad "time pass". • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://php-security.org/2010/05/26/mops-2010-041-php-strip_tags-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/26/mops-2010-042-php-setcookie-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/26/mops-2010-043-php-strtok • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0

CVE-2010-1915

https://notcve.org/view.php?id=CVE-2010-1915

The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. La función preg_quote en PHP v5.2 hasta v.5.2.13 y v5.3 hasta v.5.3.2 permite a atacantes, dependiendo del contexto obtener información sensible (contenido de memoria) provocando una interrupción del espacio de usuario de una función interna relativa, a la característica paso de tiempo de llamada por referencia, modificando ZVALs cuyos valores no son actualizados en la asociación local de variables, y accede a memoria previamente liberada. • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://www.php-security.org/2010/05/09/mops-2010-017-php-preg_quote-interruption-information-leak-vulnerability/index.html https://exchange.xforce.ibmcloud.com/vulnerabilities/58586 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 3

CVE-2010-1914

https://notcve.org/view.php?id=CVE-2010-1914

The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. Zend Engine en PHP v5.2 hasta v5.2.13 y v5.3 hasta 5.3.2 permite a atacantes, dependiendo del contexto obtener información sensible interrumpiendo el manejador para (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function) o (3) ZEND_SR opcode (shift_right_function), relacionado a la función convert_to_long_base. • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://www.php-security.org/2010/05/08/mops-2010-014-php-zend_bw_xor-opcode-interruption-address-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/08/mops-2010-015-php-zend_sl-opcode-interruption-address-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/08/mops-2010-016-php-zend_sr-opcode-interr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •