Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:php:php:5.3.7
There are 244 matching records.
Displaying matches 241 through 244.
Vuln ID Summary CVSS Severity
CVE-2011-4885

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Published: December 29, 2011; 8:55:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-4078

include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379.

Published: November 03, 2011; 11:55:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3379

The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.

Published: November 03, 2011; 11:55:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3189

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.

Published: August 25, 2011; 10:22:48 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM