73 matches found
CVE-2010-3710
Stack consumption vulnerability in the filtervar function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTERVALIDATEEMAIL mode is used, allows remote attackers to cause a denial of service memory consumption and application crash via a long e-mail address string...
CVE-2010-2484
The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information memory contents or trigger memory corruption by causing a userspace interruption of an internal function or handler...
PHP 5.2 < 5.2.14 Multiple Vulnerabilities
According to its banner, the version of PHP 5.2 installed on the remote host is older than 5.2.14. Such versions may be affected by several security issues : - An error exists when processing invalid XML-RPC requests that can lead to a NULL pointer dereference. bug 51288 CVE-2010-0397 - An error...
CVE-2010-2225
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function...
CVE-2010-2190
The 1 trim, 2 ltrim, 3 rtrim, and 4 substrreplace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents by causing a userspace interruption of an internal function, related to the call time pass by reference...
CVE-2010-2191
The 1 parsestr, 2 pregmatch, 3 unpack, and 4 pack functions; the 5 ZENDFETCHRW, 6 ZENDCONCAT, and 7 ZENDASSIGNCONCAT opcodes; and the 8 ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents or...
CVE-2010-2191
The 1 parsestr, 2 pregmatch, 3 unpack, and 4 pack functions; the 5 ZENDFETCHRW, 6 ZENDCONCAT, and 7 ZENDASSIGNCONCAT opcodes; and the 8 ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents or...
CVE-2010-2101
The 1 striptags, 2 setcookie, 3 strtok, 4 wordwrap, 5 strwordcount, and 6 strpad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents by causing a userspace interruption of an internal function, related to the...
CVE-2010-2093
CVE-2010-2093 is a PHP use-after-free in the request shutdown path (stream context structure freed before destruction) that can cause a denial of service (crash) in PHP 5.2.x < 5.2.13 and 5.3.x =5.3.8. No exploit details are provided in the documents, and in-wild exploitation status is not spe...
CVE-2010-1914
The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the 1 ZENDBWXOR opcode shiftleftfunction, 2 ZENDSL opcode bitwisexorfunction, or 3 ZENDSR opcode shiftrightfunction, related to the...
CVE-2010-1914
The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the 1 ZENDBWXOR opcode shiftleftfunction, 2 ZENDSL opcode bitwisexorfunction, or 3 ZENDSR opcode shiftrightfunction, related to the...
CVE-2010-1914
The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the 1 ZENDBWXOR opcode shiftleftfunction, 2 ZENDSL opcode bitwisexorfunction, or 3 ZENDSR opcode shiftrightfunction, related to the...
CVE-2010-1917
Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service PHP crash via a crafted first argument to the fnmatch function, as demonstrated using a long string...
CVE-2010-1914
The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the 1 ZENDBWXOR opcode shiftleftfunction, 2 ZENDSL opcode bitwisexorfunction, or 3 ZENDSR opcode shiftrightfunction, related to the...
MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak Vulnerability
MOPS-2010-010: PHP htmlentitydecode Interruption Information Leak Vulnerability May 6th, 2010 PHP’s htmlentitydecode function can be abused for information leak attacks, because of the call time pass by reference feature. Affected versions Affected is PHP 5.2 = 5.2.13 Affected is PHP 5.3 = 5.3.2...
MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access Vulnerability
MOPS-2010-009: PHP shmputvar Already Freed Resource Access Vulnerability May 5th, 2010 When PHP’s shmputvar function is interrupted by an object’s sleep function it can destroy the shm resource used by this function which allows to write an arbitrary memory address. Affected versions Affected is...
MOPS-2010-013: PHP sqlite_array_query() Uninitialized Memory Usage Vulnerability
MOPS-2010-013: PHP sqlitearrayquery Uninitialized Memory Usage Vulnerability May 7th, 2010 PHP’s sqlitearrayquery function will use uninitialized memory if it is used with an empty SQL query. This can lead to arbitrary code execution. Affected versions Affected is PHP 5.2 = 5.2.13 Affected is PHP...
CVE-2010-1862
The chunksplit function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information memory contents by causing a userspace interruption of an internal function, related to the call time pass by reference feature...
CVE-2010-1861
The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's sleep function to interrupt an internal call to the shmputvar function, which triggers access of a freed resource...
CVE-2010-1862
CVE-2010-1862 affects PHP 5.2.x up to 5.2.13 and 5.3.x up to 5.3.2. The vulnerability is in the chunk_split function, allowing a context-dependent attacker to obtain memory contents by triggering an interruption of an internal function related to call-time pass by reference. Impact per sources: p...