Lucene search
K

151 matches found

Prion
Prion
added 2010/11/09 1:0 a.m.38 views

Null pointer dereference

The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service NULL pointer dereference and application crash via a crafted ZIP archive...

4.3CVSS6.7AI score0.13333EPSS
Exploits6References26Affected Software2
CVE
CVE
added 2010/11/08 11:0 p.m.160 views

CVE-2010-3436

Technical details for CVE-2010-3436 are not publicly available in the provided documents. Monitor for updates.

5CVSS5.9AI score0.0632EPSS
Exploits0References19Affected Software1
UbuntuCve
UbuntuCve
added 2010/11/08 12:0 a.m.37 views

CVE-2010-3709

The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service NULL pointer dereference and application crash via a crafted ZIP archive...

4.3CVSS6.8AI score0.13333EPSS
Exploits6References2
UbuntuCve
UbuntuCve
added 2010/11/08 12:0 a.m.35 views

CVE-2010-3436

fopenwrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass openbasedir restrictions via vectors related to the length of a filename...

5CVSS6.8AI score0.0632EPSS
Exploits0References2
exploitpack
exploitpack
added 2010/11/07 12:0 a.m.12 views

PHP 5.3.x - mb_strcut() Information Disclosure

PHP 5.3.x - mbstrcut Information Disclosure source: https://www.securityfocus.com/bid/44727/info PHP is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks...

7.2AI score
Exploits0
NVD
NVD
added 2010/10/25 8:1 p.m.23 views

CVE-2010-3710

Stack consumption vulnerability in the filtervar function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTERVALIDATEEMAIL mode is used, allows remote attackers to cause a denial of service memory consumption and application crash via a long e-mail address string...

4.3CVSS9AI score0.03091EPSS
Exploits1References20
OpenVAS
OpenVAS
added 2010/09/27 12:0 a.m.13 views

Mandriva Update for php-xdebug MDVA-2010:181-1 (php-xdebug)

Check for the Version of php-xdebug OpenVAS Vulnerability Test Mandriva Update for php-xdebug MDVA-2010:181-1 php-xdebug Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modi...

7.1AI score
Exploits0References2
NVD
NVD
added 2010/08/20 8:0 p.m.14 views

CVE-2010-3064

Stack-based buffer overflow in the phpmysqlndauthwrite function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a long 1 username or 2 database name argument to the a mysqlconnect or b...

6.8CVSS9.9AI score0.02367EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2010/08/20 8:0 p.m.24 views

CVE-2010-3062

mysqlndwireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to 1 read sensitive memory via a modified length value, which is not properly handled by the phpmysqlndokread function; or 2 trigger a heap-based buffer overflow via a modified length value, which is n...

5CVSS6.1AI score0.02595EPSS
Exploits0References1
Prion
Prion
added 2010/08/20 8:0 p.m.14 views

Heap overflow

mysqlndwireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to 1 read sensitive memory via a modified length value, which is not properly handled by the phpmysqlndokread function; or 2 trigger a heap-based buffer overflow via a modified length value, which is n...

5CVSS7.5AI score0.02595EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2010/08/20 7:0 p.m.75 views

CVE-2010-3064

CVE-2010-3064: Stack-based buffer overflow in php_mysqlnd_auth_write (Mysqlnd extension) affects PHP 5.3–5.3.2. Context-dependent attackers could crash the process or possibly execute arbitrary code via a long username or database name passed to mysql_connect or mysqli_connect. Remediation: upgra...

6.8CVSS9.7AI score0.02367EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2010/08/20 7:0 p.m.62 views

CVE-2010-3063

CVE-2010-3063 affects PHP 5.3.x up to 5.3.2, targeting the mysqlnd extension. The php_mysqlnd_read_error_from_line function miscalculates a buffer length, allowing a heap-based overflow when a crafted input yields a negative length. Public sources (SUSE SUSE- and Gentoo/OpenVAS-related advisories...

5CVSS9.4AI score0.01574EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2010/07/30 12:0 a.m.21 views

MDVA-2010:181 : php-xdebug

This is maintenance and bugfix release bringing php-xdebug-2.1.0 final that addreses some php-5.3.x specific issues. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable Network Security, Inc...

7AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2010/06/24 12:0 a.m.35 views

CVE-2010-2225

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function...

7.5CVSS7.3AI score0.05342EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2010/06/08 12:30 a.m.23 views

CVE-2010-2191

The 1 parsestr, 2 pregmatch, 3 unpack, and 4 pack functions; the 5 ZENDFETCHRW, 6 ZENDCONCAT, and 7 ZENDASSIGNCONCAT opcodes; and the 8 ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents or...

6.4CVSS5.9AI score0.02411EPSS
Exploits3References8
Cvelist
Cvelist
added 2010/06/07 8:0 p.m.28 views

CVE-2010-2191

The 1 parsestr, 2 pregmatch, 3 unpack, and 4 pack functions; the 5 ZENDFETCHRW, 6 ZENDCONCAT, and 7 ZENDASSIGNCONCAT opcodes; and the 8 ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents or...

9.4AI score0.02411EPSS
Exploits3References11
UbuntuCve
UbuntuCve
added 2010/05/27 10:30 p.m.24 views

CVE-2010-2101

The 1 striptags, 2 setcookie, 3 strtok, 4 wordwrap, 5 strwordcount, and 6 strpad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents by causing a userspace interruption of an internal function, related to the...

5CVSS5.9AI score0.02403EPSS
Exploits2References7
Prion
Prion
added 2010/05/27 10:30 p.m.17 views

Format string

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the 1 pharstreamflush, 2...

6.8CVSS7.4AI score0.12652EPSS
Exploits1References9Affected Software1
CVE
CVE
added 2010/05/27 10:0 p.m.100 views

CVE-2010-2094

CVE-2010-2094 affects the PHP phar extension (PHP 5.3.x before 5.3.2) via crafted phar:// URIs, enabling context-dependent attackers to view memory contents and potentially execute arbitrary code. The vulnerability is triggered by improper handling in phar_stream_flush, phar_wrapper_unlink, phar_...

6.8CVSS9.5AI score0.12652EPSS
Exploits1References9Affected Software1
Cvelist
Cvelist
added 2010/05/27 10:0 p.m.26 views

CVE-2010-2094

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the 1 pharstreamflush, 2...

9.7AI score0.12652EPSS
Exploits1References9
Rows per page
Query Builder