18 matches found
Roundcube Webmail <= 0.5.4 DoS Vulnerability
Roundcube Webmail is prone to a denial of service (DoS) vulnerability. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Sql injection
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to...
CVE-2011-4078
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to...
CVE-2011-4078
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to...
CVE-2011-4078
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to...
CVE-2011-3379
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders...
Security issue is_a function in PHP 5.3.7+
PHP 5.3.7 changed the behavior of the is_a function, used to check if an object is an instance of a class, to call the __autoload function. This causes a remote code execution problem when coupled with a standard library like PEAR that internally uses is_a to check if a returned variable is an Error...
CVE-2011-3267
PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors...
Code injection
PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors...
CVE-2011-2483
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...
CVE-2011-3189
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483...
CVE-2011-3189
CVE-2011-3189 affects PHP 5.3.7: when using the MD5 hash type in the crypt() function, it returns the salt value instead of the hashed password, potentially allowing authentication bypass with an arbitrary password. This is noted as a different issue from CVE-2011-2483; no further technical detai...
CVE-2011-3267
PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors...
PHP 5.3.7 crypt() MD5 Incorrect Return Value
Binary data 801098.prm...
PHP 5.3 < 5.3.7 Multiple Vulnerabilities
Binary data 801087.prm...
php -- multiple vulnerabilities
PHP development team reports: Security Enhancements and Fixes in PHP 5.3.7: Updated crypt_blowfish to 1.2 (CVE-2011-2483). Fixed crash in error_log (reported by Mateusz Kocielski). Fixed buffer overflow on overlong salt in crypt. Fixed bug 54939 (File path injection vulnerability in RFC1867 File upload...
PHP < 5.3.7 Security Bypass Vulnerability - Windows
PHP is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
CVE-2011-2202
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request...