7 matches found

RedhatCVE
added 2026/03/30 10:21 a.m. | 0 views

CVE-2026-33994

A flaw was found in the locutus npm package. A prototype pollution vulnerability exists in the parse_str function. A remote attacker can exploit this by crafting a malicious query string and overriding RegExp.prototype.test, leading to the pollution of Object.prototype. This bypasses existing...

CVSS 9.8 | AI score 5.9 | EPSS 0.0007
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2021-1057

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.01718
Exploits: 1 | References: 7

Cvelist
added 2010/06/07 8:0 p.m. | 25 views

CVE-2010-2191

The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or...

AI score 9.4 | EPSS 0.01257
Exploits: 3 | References: 11

Prion
added 2007/06/13 10:30 a.m. | 18 views

Input validation

The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the...

CVSS 5 | AI score 7 | EPSS 0.00998
Exploits: 0 | References: 7

Tenable Nessus
added 2005/11/15 12:0 a.m. | 42 views

Fedora Core 4 : php-5.0.4-10.5 (2005-1062)

This update includes several security fixes: - fixes to prevent malicious requests from overwriting the GLOBALS array (CVE-2005-3390) - a fix to stop the parse_str function from enabling the register_globals setting (CVE-2005-3389) - fixes for Cross-Site Scripting flaws in the phpinfo output...

CVSS 7.5 | AI score 7.3 | EPSS 0.65188
Exploits: 1 | References: 1

Cvelist
added 2005/11/01 2:0 a.m. | 18 views

CVE-2005-3389

The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that...

AI score 6.5 | EPSS 0.09558
Exploits: 0 | References: 33

CVE
added 2005/11/01 2:0 a.m. | 74 views

CVE-2005-3389

Technical details about CVE-2005-3389 (affected PHP versions, exploit scenarios, and patches) are not publicly provided in the connected documents. Monitor for updates from vendors/OSVs for concrete remediation status.

CVSS 5 | AI score 6.5 | EPSS 0.09558
Exploits: 0 | References: 33 | Affected Software: 1