Page 56 of 279 results (0.008 seconds)

CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 1

CVE-2010-2950 – php: Format string flaw in phar extension via phar_stream_flush() (MOPS-2010-024)

https://notcve.org/view.php?id=CVE-2010-2950

Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094. Vulnerabilidad de formato de cadena en stream.c en la extensión phar en PHP v5.3.x hasta v5.3.3 permite a atacantes dependientes del contexto obtener información sensible (contenidos de memoria) y probablemente ejecutar código de su elección a través de URI phar:// manipuladas que no manejan adecuadamente por la función har_stream_flush, dando lugar a errores en la función php_stream_wrapper_log_error. NOTA: Esta vulnerabilidad existe por una solución incompleta para CVE-2010-2094. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=bugtraq&m=130331363227777&w=2 http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/index.html http://security-tracker.debian.org/tracker/CVE-2010-2950 http://support.apple.com/kb/HT4581 http://svn.php.net/viewvc?view=revision&revision=302565 http://www.mandriva.com/secu • CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.5EPSS: 1%CPEs: 76EXPL: 0

CVE-2007-1888

https://notcve.org/view.php?id=CVE-2007-1888

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API. Un desbordamiento de búfer en la función sqlite_decode_binary en el archivo src/encode.c en SQLite versión 2, tal como es utilizado por PHP versión 4.x hasta 5.x y otras aplicaciones, permite a los atacantes dependiendo del contexto ejecutar código arbitrario por medio de un valor vacío del parámetro in. NOTA: algunas instalaciones PHP utilizan una versión empaquetada de sqlite sin esta vulnerabilidad. • http://osvdb.org/39177 http://secunia.com/advisories/25057 http://www.attrition.org/pipermail/vim/2007-April/001540.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:091 http://www.php-security.org/MOPB/MOPB-41-2007.html http://www.sqlite.org/cvstrac/rlog?f=sqlite/src/encode.c http://www.ubuntu.com/usn/usn-455-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/38518 •

CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 2

CVE-2007-1287 – PHP 4.4.3 < 4.4.6 - 'PHPinfo()' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2007-1287

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. Un error de regresión en la función phpinfo de PHP 4.4.3 a 4.4.6, y PHP 6.0 en CVS, permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) mediante valores en los vectores GET, POST, o COOKIE, los cuales no son "escapados" en la salida de phpinfo, como fue originalmente apuntado en CVE-2005-3388. • https://www.exploit-db.com/exploits/3405 http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://us2.php.net/releases/4_4_7.php http://www.osvdb.org/32774 http://www.php-security.org/MOPB/MOPB-08-2007.html http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 •

CVSS: 9.3EPSS: 5%CPEs: 85EXPL: 0

CVE-2006-3017

https://notcve.org/view.php?id=CVE-2006-3017

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21031 http://secunia.com/advisories/21050 •