Page 57 of 298 results (0.004 seconds)

CVSS: 6.4EPSS: 0%CPEs: 17EXPL: 7

CVE-2010-2191

https://notcve.org/view.php?id=CVE-2010-2191

The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature. Las funciones (1) parse_str, (2) preg_match (3), unpack, y (4) pack; los opcodes (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, y (7) ZEND_ASSIGN_CONCAT, y el metodo (8) ArrayObject::uasort de PHP v5.2 a v5.2.13 y v5.3 a v5.3.2 permiten obtener a atacantes información sensible variable en función del contexto (el contenido de la memoria) u ocasionar una corrupción de memoria al causar una interrupción del espacio de usuario de un controlador o una función interna. NOTA: los vectores del 2 al 4 están relacionados con el paso del tiempo de llamada por referencia. • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://www.php-security.org/2010/05/31/mops-2010-049-php-parse_str-interruption-memory-corruption-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-050-php-preg_match-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 2

CVE-2010-2190

https://notcve.org/view.php?id=CVE-2010-2190

The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) trim, (2) ltrim, (3) rtrim, y (4) substr_replace en PHP v5.2 a v5.2.13 y v5.3 a v5.3.2 permiten obtener a atacantes información sensible variable en función del contexto (el contenido de la memoria) provocando una interrupción del espacio de usuario de una función interna, relacionado con la llamada por referencia de la funcionalidad "time pass". • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://www.php-security.org/2010/05/30/mops-2010-047-php-trimltrimrtrim-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/30/mops-2010-048-php-substr_replace-interruption-information-leak-vulnerability/index.html https://exchange.xforce.ibmcloud.com/vulnerabilities/59220 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 6

CVE-2010-2101

https://notcve.org/view.php?id=CVE-2010-2101

The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, y (6) str_pad functions en PHP v5.2 a la v5.2.13 y v5.3 a la v5.3.2, permiten a atacantes dependientes del contexto obtener información sensible (contenido de la memoria) provocando una interrupción de una función externa. Relacionado con la llamada por referencia de la funcionalidad "time pass". • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://php-security.org/2010/05/26/mops-2010-041-php-strip_tags-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/26/mops-2010-042-php-setcookie-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/26/mops-2010-043-php-strtok • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 3

CVE-2010-2097

https://notcve.org/view.php?id=CVE-2010-2097

The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode en PHP v5.2 a la v5.2.13 y v5.3 a la v5.3.2, permiten a atacantes dependientes del contexto obtener información sensible (contenido de la memoria) provocando una interrupción del espacio de usuario de una función interna. Relacionado con la llamada por referencia de la funcionalidad "time pass". • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/18/mops-2010-034- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 5

CVE-2010-2100

https://notcve.org/view.php?id=CVE-2010-2100

The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, y (6) strtr en PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependientes del contexto obtener información sensible (contenidos de memoria) provocando una interrupción del espacio de usuario de una función interna, relativo a la característica paso de tiempo de llamada por referencia. • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/index.html http://php-security.org/2010/05/21/mops-20 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •