CVE-2010-3063
https://notcve.org/view.php?id=CVE-2010-3063
The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
• http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
• http://php-security.org/2010/05/31/mops-2010-058-php-php_mysqlnd_read_error_from_line-buffer-overflow-vulnerability/index.html
• http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703
• http://svn.php.net/viewvc?view=revision&revision=298703
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3065 – php: session serializer session data injection vulnerability (MOPS-2010-060)
https://notcve.org/view.php?id=CVE-2010-3065
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.
• http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
• http://php-security.org/2010/05/31/mops-2010-060-php-session-serializer-session-data-injection-vulnerability/index.html
• http://secunia.com/advisories/42410
• http://www.debian.org/security/2010/dsa-2089
• http://www.redhat.com/support/errata/RHSA-2010-0919.html
• http://www.vupen.com/english/advisories/2010/3081
• https://access.redhat.com/security
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2010-3062
https://notcve.org/view.php?id=CVE-2010-3062
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.
• http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
• http://php-security.org/2010/05/31/mops-2010-056-php-php_mysqlnd_ok_read-information-leak-vulnerability/index.html
• http://php-security.org/2010/05/31/mops-2010-057-php-php_mysqlnd_rset_header_read-buffer-overflow-vulnerability/index.html
• http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703
• http:/
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-2531 – php: information leak vulnerability in var_export()
https://notcve.org/view.php?id=CVE-2010-2531
The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.
• http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
• http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
• http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
• http://marc.info/?l=bugtraq&m=130331363227777&w=2
• http://marc.info/?l=bugtraq&m=133469208622507&w=2
• http://secunia.com/advisories/42410
• http://support.apple.com/kb/HT4312
• http:/
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-2225
https://notcve.org/view.php?id=CVE-2010-2225
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.
• http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
• http://marc.info/?l=bugtraq&m=133469208622507&w=2
• http://pastebin.com/mXGidCsd
• http://secunia.com/advisories/40860
• http://support.apple.com/kb/HT4312
• http://twitter.com/i0n1c/statuses/16373156076
• http://twitter.com/i0n1c/statuses/16447867829
• http://www.debian&
• CWE-399: Resource Management Errors