CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0CVE-2010-1915
https://notcve.org/view.php?id=CVE-2010-1915
The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. La función preg_quote en PHP v5.2 hasta v.5.2.13 y v5.3 hasta v.5.3.2 permite a atacantes, dependiendo del contexto obtener información sensible (contenido de memoria) provocando una interrupción del espacio de usuario de una función interna relativa, a la característica paso de tiempo de llamada por referencia, modificando ZVALs cuyos valores no son actualizados en la asociación local de variables, y accede a memoria previamente liberada. • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://www.php-security.org/2010/05/09/mops-2010-017-php-preg_quote-interruption-information-leak-vulnerability/index.html https://exchange.xforce.ibmcloud.com/vulnerabilities/58586 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 3CVE-2010-1914
https://notcve.org/view.php?id=CVE-2010-1914
The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. Zend Engine en PHP v5.2 hasta v5.2.13 y v5.3 hasta 5.3.2 permite a atacantes, dependiendo del contexto obtener información sensible interrumpiendo el manejador para (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function) o (3) ZEND_SR opcode (shift_right_function), relacionado a la función convert_to_long_base. • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://www.php-security.org/2010/05/08/mops-2010-014-php-zend_bw_xor-opcode-interruption-address-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/08/mops-2010-015-php-zend_sl-opcode-interruption-address-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/08/mops-2010-016-php-zend_sr-opcode-interr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1868
https://notcve.org/view.php?id=CVE-2010-1868
The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. Las funciones (1) sqlite_single_query y (2) sqlite_array_query en ext/sqlite/sqlite.c en PHP v5.2 hasta v5.2.13 y 5.3 hasta v5.3.2 permiten a atacantes, dependiendo del contexto, ejecutar código de su elección mediante las llamadas es estas funciones con una ètición SQL vacía, lo que provoca accesos a memoria no inicializada. • http://php-security.org/2010/05/07/mops-2010-012-php-sqlite_single_query-uninitialized-memory-usage-vulnerability/index.html http://php-security.org/2010/05/07/mops-2010-013-php-sqlite_array_query-uninitialized-memory-usage-vulnerability/index.html http://php-security.org/2010/05/07/mops-submission-03-sqlite_single_query-sqlite_array_query-uninitialized-memory-usage/index.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1864
https://notcve.org/view.php?id=CVE-2010-1864
The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. La función addcslashes en PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependiendo del contexto obtener información sensible (contenido de memoria) provocando una interrupción de espacio de usuario en una función interna, relativo a la característica paso de tiempo de llamada por referencia. • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://php-security.org/2010/05/03/mops-2010-006-php-addcslashes-interruption-information-leak-vulnerability/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 16EXPL: 1CVE-2010-1861
https://notcve.org/view.php?id=CVE-2010-1861
The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource. La extensión sysvshm para PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependiendo del contexto escribir sobre direcciones de memoria de su elección utilizando un objeto función _sleep para interrumpir una llamada interna sobre la función shm_put_var, lo que provoca accesos a recursos liberados. • http://php-security.org/2010/05/05/mops-2010-009-php-shm_put_var-already-freed-resource-access-vulnerability/index.html • CWE-399: Resource Management Errors •