CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 1CVE-2004-0958 – PHP 4.x/5.0.1 - PHP_Variables Remote Memory Disclosure
https://notcve.org/view.php?id=CVE-2004-0958
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. PHP anteriores a 5.0.2 permiten a atacantes remotos leer contenidos de memoria sensibles mediante variables (1) GET, (2) POST, o (3) COOKIE GPC que acaban en un carácter de apertura de corchete. • https://www.exploit-db.com/exploits/24656 http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0053.html http://marc.info/?l=bugtraq&m=109527531130492&w=2 http://secunia.com/advisories/12560 http://securitytracker.com/id?1011279 http://www.redhat.com/support/errata/RHSA-2004-687.html https://bugzilla.fedora.us/show_bug.cgi?id=2344 https://exchange.xforce.ibmcloud.com/vulnerabilities/17393 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10863&# •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0959
https://notcve.org/view.php?id=CVE-2004-0959
rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified. PHP anteriores a 5.0.2 permiten a usuarios locales subir ficheros a sitios de su elección mediante un script PHP con una cierta cabecera que hace que el array $_FILES sea modificado. • http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0054.html http://marc.info/?l=bugtraq&m=109534848430404&w=2 http://secunia.com/advisories/12560 http://securitytracker.com/id?1011307 http://www.redhat.com/support/errata/RHSA-2004-687.html https://bugzilla.fedora.us/show_bug.cgi?id=2344 https://exchange.xforce.ibmcloud.com/vulnerabilities/17392 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10961 https://access.redhat.com/security/cve/CVE •