Page 64 of 589 results (0.017 seconds)

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2010-3064

https://notcve.org/view.php?id=CVE-2010-3064

Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function. Desbordamiento de búfer basado en pila en la función php_mysqlnd_auth_write en la extensión Mysqlnd en PHP v5.3 hasta v5.3.2 permite dependiendo del contexto a atacantes provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de un 1) nombre de usuario o (2) argumento de nombre de base de datos a (a) mysql_connect o (b) mysqli_connect function largo. • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://php-security.org/2010/05/31/mops-2010-059-php-php_mysqlnd_auth_write-stack-buffer-overflow-vulnerability/index.html http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703 http://svn.php.net/viewvc?view=revision&revision=298703 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0

CVE-2010-2484

https://notcve.org/view.php?id=CVE-2010-2484

The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. La función strrchr en PHP v5.2 anterior a v5.2.14 permite dependiendo del contexto a atacantes obtener información sensible (contenido de la memoria) o desencadenar un consumo de memoria provocando una interrepcuón del espacio de usuario de un controlador o una función interna. • http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://support.apple.com/kb/HT4312 http://support.apple.com/kb/HT4435 http://www.php.net/releases/5_2_14.php https://bugzilla.redhat.com/show_bug.cgi?id=619324 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 0

CVE-2010-2531 – php: information leak vulnerability in var_export()

https://notcve.org/view.php?id=CVE-2010-2531

The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion. La función var_export en PHP v5.2 anterior a v5.2.14 y v5.3 anterior a v5.3.3 vacía el búfer de salida para el usuario cuando se producen ciertos errores graves, incluso cuando display_errors está apagado, lo que permite a atacantes remotos obtener información sensible provocando que la aplicación exceda los límites de memoria, tiempo de ejecución, o recursividad. • http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=130331363227777&w=2 http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://secunia.com/advisories/42410 http://support.apple.com/kb/HT4312 http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 4%CPEs: 17EXPL: 1

CVE-2010-2225

https://notcve.org/view.php?id=CVE-2010-2225

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function. Vulnerabilidad de uso después de la liberación (Use-after-free) en deserializador SplObjectStorage en PHP v5.2.x y v5.3.x hasta v5.3.2 permite a atacantes remotos ejecutar código de su elección u obtener información sensible a través de datos serializados, relacionados con la función de PHP unserialize. • http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://pastebin.com/mXGidCsd http://secunia.com/advisories/40860 http://support.apple.com/kb/HT4312 http://twitter.com/i0n1c/statuses/16373156076 http://twitter.com/i0n1c/statuses/16447867829 http://www.debian& • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 2

CVE-2010-2190

https://notcve.org/view.php?id=CVE-2010-2190

The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. Las funciones (1) trim, (2) ltrim, (3) rtrim, y (4) substr_replace en PHP v5.2 a v5.2.13 y v5.3 a v5.3.2 permiten obtener a atacantes información sensible variable en función del contexto (el contenido de la memoria) provocando una interrupción del espacio de usuario de una función interna, relacionado con la llamada por referencia de la funcionalidad "time pass". • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://www.php-security.org/2010/05/30/mops-2010-047-php-trimltrimrtrim-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/30/mops-2010-048-php-substr_replace-interruption-information-leak-vulnerability/index.html https://exchange.xforce.ibmcloud.com/vulnerabilities/59220 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •