CVSS: 5.8EPSS: 1%CPEs: 4EXPL: 1CVE-2009-2687 – php: exif_read_data crash on corrupted JPEG files
https://notcve.org/view.php?id=CVE-2009-2687
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. La función exif_read_data en el módulo Exif en PHP anteriores v5.2.10 permite a atacantes remotos causar una denegación de servicio (caída) a través de una imagen JPEG mal formada con campos inválidos en offset, siendo un asunto diferente a CVE-2005-3353. • http://bugs.php.net/bug.php?id=48378 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://osvdb.org/55222 http://secunia.com/advisories/35441 http://secunia.com/advisories/36462 http://secunia.com/advisories/37482 http://secunia.com/advisories/40262 http://www.debian.org/security/2009/dsa-1940 http://www.mandriva.com/security/advisories?name=MDVSA-2009:145 http://www.mandriva.com/security • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2009-2222
https://notcve.org/view.php?id=CVE-2009-2222
Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail. Vulnerabilidad de salto de directorio en PHP-I-BOARD 1.2 y versiones anteriores permite a atacantes remotos leer ficheros de su elección mediante secuencias de salto de directorio en vectores no especificados, probablemente en relación con el correo. • http://jvn.jp/jp/JVN32788272/index.html http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000046.html http://php.s3.to/bbs/bbs8.php http://secunia.com/advisories/35532 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-2221
https://notcve.org/view.php?id=CVE-2009-2221
Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en PHP-I-BOARD 1.2 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://jvn.jp/jp/JVN20219071/index.html http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000045.html http://php.s3.to/bbs/bbs8.php http://secunia.com/advisories/35532 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 2CVE-2009-0831 – PHP-Fusion Mod Members CV (job) 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-0831
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter. Vulnerabilidad de inyección SQL en members.php en el módulo Members CV (job) v1.0 para PHP-Fusion, cuando magic_quotes_gpc no está activo, permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través del parámetro "sortby". • https://www.exploit-db.com/exploits/7697 http://secunia.com/advisories/33424 http://www.securityfocus.com/bid/33156 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 2.6EPSS: 0%CPEs: 109EXPL: 0CVE-2008-5814 – php: XSS via PHP error messages
https://notcve.org/view.php?id=CVE-2008-5814
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208. Vulnerabilidad de Secuencias de Comandos en Sitios Cruzados (XSS) en PHP, posiblemente v5.2.7 y anteriores, cuando display_error está activada, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a través de vectores no especificados. NOTA: debido a la falta de detalles, no está claro si esto está relacionado con CVE-2006-0208. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 http://jvn.jp/en/jp/JVN50327700/index.html http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html http://marc.info/?l=bugtraq&m=124277349419254&w=2 http://secunia.com/advisories/34830 http://secunia.com/advisories/34933 http://secunia.com/advisories/35003 http://secunia.com/advisories/35007 http://secunia.com/advisories/35108 http://www.debian.org/security/2009/dsa-1789 http://www • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •