CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1862
https://notcve.org/view.php?id=CVE-2010-1862
The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. La función chunk_split en PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependiendo del contexto obtener información sensible (contenido de memoria) provocando una interrupción del espacio de usuario de una función interna, relativo a la característica del paso de tiempo en la llamada por referencia. • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://php-security.org/2010/05/04/mops-2010-008-php-chunk_split-interruption-information-leak-vulnerability/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 2CVE-2010-1866 – PHP 5.3 - 'PHP_dechunk()' HTTP Chunked Encoding Integer Overflow
https://notcve.org/view.php?id=CVE-2010-1866
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. El filtro dechunk en PHP 5.3 hasta v.5.3.2, cuando se decodifica un cadena HTTP fragmentada, permite a atacantes depediendo del contexto provocar una denegación de servicio (caída) y posiblemente una corrupción de memoria mediante un tamaño de fragmento negativo, lo que evita la comparación de signo, relativo a un desbordamiento de entero en el decodificados de tamaño del fragmento. • https://www.exploit-db.com/exploits/33920 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1860
https://notcve.org/view.php?id=CVE-2010-1860
The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature. La función html_entity_decode en PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependiendo del contexto obtener información sensible (contenido de memoria) o provocar una corrupción de memoria en una llamada interna, relativo a la característica de paso del tiempo de llamada por referencia. • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://php-security.org/2010/05/06/mops-2010-010-php-html_entity_decode-interruption-information-leak-vulnerability/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2010-1129
https://notcve.org/view.php?id=CVE-2010-1129
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function. La implementación de safe_mode en PHP anteriores a v5.2.13 no manejan de forma adecuada las rutas de los nombres de directorios que no tienen un carácter "/" (barra), lo que permite a usuarios dependiendo del contexto saltarse las restricciones de intentos de acceso a través de vectores relativos al uso de la función tempsam. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://secunia.com/advisories/38708 http://secunia.com/advisories/40551 http://securitytracker.com/id?1023661 http://support.apple.com/kb/HT4312 http://www.php.net/ChangeLog-5.php http://www.php.net/releases/5_2_13.php http://www.securityfocus.com/bid/38431 http://www.vupen.com/english/advisories/2010/0479 http://www& • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 2%CPEs: 35EXPL: 2CVE-2010-1130 – PHP 5.3.1 - 'session_save_path() Safe_mode()' Restriction Bypass Exploiot
https://notcve.org/view.php?id=CVE-2010-1130
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot). session.c en la extesión session en PHP anteriores a v5.2.13, y v5.3.1, no interpreta de forma adecuada los carácteres ";" en el argumento sobre la función session_save_path, lo que permites a atacantes dependiendo del contexto saltar las restricciones open_basedir y safe_mode a través de un argumento que contiene varios caracteres ";" junto a ".." punto punto. • https://www.exploit-db.com/exploits/33625 http://secunia.com/advisories/38708 http://securityreason.com/achievement_securityalert/82 http://securityreason.com/securityalert/7008 http://securitytracker.com/id?1023661 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?r1=293036&r2=294272 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?view=log http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/s • CWE-264: Permissions, Privileges, and Access Controls •