CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 4CVE-2011-4153 – PHP 5.3.8 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4153
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c. PHP v5.3.8 no siempre comprueba el valor devuelto de la función zend_strndup, lo que podría permitir a atacantes remotos provocar una denegación de servicio (borrado de referencia a puntero nulo y caída de la aplicación) a través de una entrada especificamente diseñada para este fin a una aplicación que realiza operaciones de 'strndup' (duplicación) de cadenas de datos no confiables. Esto se puede demostrar con la función 'define' en zend_builtin_functions.c, y funciones no especificadas en ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c y main/php_open_temporary_file.c. PHP version 5.3.8 suffers from multiple NULL pointer dereference vulnerabilities. • https://www.exploit-db.com/exploits/18370 http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html http://cxsecurity.com/research/103 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html http://marc.info/?l=bugtraq&m=134012830914727&w=2&# • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 84%CPEs: 45EXPL: 5CVE-2011-4885 – PHP 5.3.8 - Hashtables Denial of Service
https://notcve.org/view.php?id=CVE-2011-4885
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. PHP anterior a v5.3.9 calcula los valores hash de los parámetros de forma, sin restringir la capacidad de desencadenar colisiones hash predecible, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío de gran cantidad de parámetros a mano. • https://www.exploit-db.com/exploits/18296 https://www.exploit-db.com/exploits/18305 https://www.exploit-db.com/exploits/2012 http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html ht • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 88%CPEs: 10EXPL: 1CVE-2011-4566 – php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure
https://notcve.org/view.php?id=CVE-2011-4566
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. Un desbordamiento de entero en la función exif_process_IFD_TAG en el fichero exif.c de la extensión exif de PHP v5.4.0 beta2 en las plataformas de 32 bits permite a atacantes remotos leer los contenidos de ubicaciones de memoria aleatorias o causar una denegación de servicio a través de un valor de offset_val concreto en una cabecera EXIF en un archivo JPEG. Se trata de una vulnerabilidad diferente a CVE-2.011-0708. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://rhn.redhat.com/errata/RHSA-2012-0071.html http://secunia.com/advisories/47253 http://secunia.com/advisories/48668 http://support.apple.com/kb/HT5281 http://www.debian.org/security/2012/dsa-2399 http://www.mandriva.com/security/advisories?name=MDVSA-2011:197 http://www.redhat.com/support/errata/RHSA-2012-0019.html http:/& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 5%CPEs: 4EXPL: 5CVE-2011-3336 – Libc - 'regcomp()' Stack Exhaustion Denial of Service
https://notcve.org/view.php?id=CVE-2011-3336
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. regcomp en la implementación BSD de libc, es vulnerable a una denegación de servicio debido al agotamiento de la pila. Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp(). • https://www.exploit-db.com/exploits/36288 http://seclists.org/fulldisclosure/2014/Mar/166 http://www.securityfocus.com/bid/50541 https://cxsecurity.com/issue/WLB-2011110082 https://www.securityfocus.com/archive/1/520390 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 6%CPEs: 2EXPL: 2CVE-2011-3379
https://notcve.org/view.php?id=CVE-2011-3379
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. La función de PHP v5.3.7 y v5.3.8 activa una llamada a la función __autoload, lo que hace más fácil para los atacantes remotos ejecutar código arbitrario mediante una URL y el aprovechamiento de los comportamientos potencialmente peligrosos en ciertos paquetes de PEAR y cargadores automáticos de medida. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://securityreason.com/securityalert/8525 http://svn.php.net/viewvc/?view=revision&revision=317183 http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8 http://www.securityfocus.com/archive/1/519770/30/0/threaded https://bugs.php.net/bug.php?id=55475 https://bugzilla.redhat.com/show_bug.cgi?id=741020 • CWE-94: Improper Control of Generation of Code ('Code Injection') •