Page 58 of 305 results (0.006 seconds)

CVSS: 6.4EPSS: 0%CPEs: 13EXPL: 2

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function. El Linear Congruential Generator (LCG) en PHP anteriores a v5.2.13 no provee la entropía esperada, lo que hace más fácil para atacantes dependiendo del contexto adivinar valores que deberían ser impredecibles, como se demostró con cookies de sesión generadas utilizando la función uniqid. • https://www.exploit-db.com/exploits/33677 http://secunia.com/advisories/38708 http://secunia.com/advisories/42410 http://www.php.net/ChangeLog-5.php http://www.php.net/releases/5_2_13.php http://www.redhat.com/support/errata/RHSA-2010-0919.html http://www.securityfocus.com/bid/38430 http://www.vupen.com/english/advisories/2010/0479 http://www.vupen.com/english/advisories/2010/3081 https://access.redhat.com/security/cve/CVE-2010-1128 https://bugzilla.redhat& • CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function. La implementación de safe_mode en PHP anteriores a v5.2.13 no manejan de forma adecuada las rutas de los nombres de directorios que no tienen un carácter "/" (barra), lo que permite a usuarios dependiendo del contexto saltarse las restricciones de intentos de acceso a través de vectores relativos al uso de la función tempsam. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://secunia.com/advisories/38708 http://secunia.com/advisories/40551 http://securitytracker.com/id?1023661 http://support.apple.com/kb/HT4312 http://www.php.net/ChangeLog-5.php http://www.php.net/releases/5_2_13.php http://www.securityfocus.com/bid/38431 http://www.vupen.com/english/advisories/2010/0479 http://www& • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 38EXPL: 0

The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences. La función deserializada (unserialize) en PHP 5.3.0 y anteriores permite a atacantes dependientes del contexto causar una denegación de servicio (consumo de recursos) a través una variables anidadas profundamente, como queda demostrada con una cadena inicializada con a:1: seguida de una larga secuencia {a:1: . • http://www.suspekt.org/2009/11/28/shocking-news-in-php-exploitation http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 1%CPEs: 108EXPL: 0

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. PHP versiones anteriores a v5.2.12 no maneja adecuadamente los datos de sesión, teniendo un impacto no especificado y vectores de ataque relacionado con (1) la interrupción de corrupción de la selección SESSION superglobal y (2) la directiva session.save_path. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://secunia.com/advisories/37821 http://secunia.com/advisories/38648 http://secunia.com/advisories/40262 http://secunia.com/advisories/41480 http://secunia.com/advisories/41490 http://support.apple.com/kb/HT4077 http://www.debian.org/security/2010/dsa-2001 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 http://ww •

CVSS: 4.3EPSS: 2%CPEs: 111EXPL: 4

The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. La función htmlspecialchars en PHP versiones anteriores a v5.2.12 no maneja adecuadamente (1) secuencias UTF-8 demasiado largas, (2) secuencias inválidas Shift_JIS, y (39 secuencias inválidas EUC-JP, permitiendo a atacantes remotos dirigir ataques de secuencias de comandos en sitios cruzados (XSS) poniendo secuencias de bytes modificados antes de un carácter especial. • https://www.exploit-db.com/exploits/33414 https://www.exploit-db.com/exploits/33415 http://bugs.php.net/bug.php?id=49785 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://secunia.com/advisories/37821 http://secunia.com/advisories/38648 http://secunia.com/advisories/40262 http://securitytracker.com/id?1023372 http://support.apple.com/kb/HT4077 http://www.debian.org/security/2010/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •