CVE-2010-3870 – PHP 5.3.2 - 'xml_utf8_decode()' UTF-8 Input Validation
https://notcve.org/view.php?id=CVE-2010-3870
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. La función utf8_decode en PHP anterior v5.3.4 no maneja adecuadamente la codificación UTF-8 corta y las secuencias malformadas en los datos UTF-8, lo que hace fácil para los atacantes remotos superar los mecanismos de protección en la secuencia de comandos en sitios cruzados (XSS) e inyección de SQL a través de cadenas manipuladas. • https://www.exploit-db.com/exploits/34950 http://bugs.php.net/bug.php?id=48230 http://bugs.php.net/bug.php?id=49687 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http: • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4156 – PHP 5.3.x - 'mb_strcut()' Information Disclosure
https://notcve.org/view.php?id=CVE-2010-4156
The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). La función mb_strcut en Libmbfl v1.1.0, como el usado en PHP v5.3.x hasta v5.3.3, permite a atacantes dependientes del contexto obtener información potencialmente sensible a través de un valor largo del tercer parámetro (también conocido como parametro length. • https://www.exploit-db.com/exploits/34979 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://marc.info/?l=bugtraq&m=130331363227777&w=2 http://pastie.org/1279428 http://pastie.org/1279682 http://secunia.com/advisories/42135 http://secunia.com/advisories/42812 http://secunia.com/advisories/43189 http://www.mandriva.com/security/advisories?name=MDVSA-2010:225 http: • CWE-20: Improper Input Validation •
CVE-2010-3436
https://notcve.org/view.php?id=CVE-2010-3436
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. fopen_wrappers.c en PHP v5.3.x hasta v5.3.3 podría permitir a atacantes remotos evitar las restricciones open_basedir a través de vectores relativos a la longitud del nombre de usuario. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://secunia.com/advisories/42729 http://secunia.com/advisories/42812 http://security-tracker.debian.org/tracker/CVE-2010-3436 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619 http://support.apple.com/kb/HT4581 http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc/php/php-src • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-3709 – PHP 5.3.3/5.2.14 - ZipArchive::getArchiveComment Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2010-3709
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. La función ZipArchive::getArchiveCommen en PHP v5.2.x hasta v5.2.14 y v5.3.3 hasta v5.3.x permite a atacantes dependientes de contexto para provocar una denegación de servicio (desreferencia a puntero NULL y caída de la aplicación) a través de un archivo ZIP manipulado. PHP versions 5.3.3 and 5.2.14 suffer from a ZipArchive::getArchiveComment NULL pointer dereference vulnerability. • https://www.exploit-db.com/exploits/15431 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://marc.info/?l=bugtraq&m=130331363227777&w=2 http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://secunia.com/advisories/42729 http://secunia.com/advisories/42812 http://securityreason.com/achievement_s • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVE-2010-3710 – php: DoS in filter_var() via long email string
https://notcve.org/view.php?id=CVE-2010-3710
Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. Vulnerabilidad de consumo de pila en la función filter_var en PHP v5.2.x hasta v5.2.14 y v5.3.x hasta v5.3.3, cuando está activado el modo FILTER_VALIDATE_EMAIL, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída de la aplicación) a través del una cadena e-mail larga. • http://bugs.php.net/bug.php?id=52929 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://secunia.com/advisories/42812 http://secunia.com/advisories/43189 http://support.appl • CWE-399: Resource Management Errors •