Search Results (Refine Search)
- CPE Product Version: cpe:/a:php:php:5.0.0:beta3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-3268 |
Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483. Published: August 25, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-3267 |
PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors. Published: August 25, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-3182 |
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. Published: August 25, 2011; 10:22:47 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-1470 |
The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. Published: March 19, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1469 |
Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper. Published: March 19, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1468 |
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function. Published: March 19, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1467 |
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409. Published: March 19, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-1466 |
Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function. Published: March 19, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-1464 |
Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument. Published: March 19, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-0708 |
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. Published: March 19, 2011; 10:00:03 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-0421 |
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. Published: March 19, 2011; 10:00:03 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1153 |
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. Published: March 16, 2011; 6:55:04 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-1092 |
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. Published: March 15, 2011; 1:55:04 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-0755 |
Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax. Published: February 02, 2011; 5:00:02 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-0752 |
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758. Published: February 02, 2011; 5:00:01 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-4699 |
The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set. Published: January 18, 2011; 3:00:10 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-4697 |
Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. Published: January 18, 2011; 3:00:10 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-7243 |
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. Published: January 18, 2011; 3:00:10 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-5016 |
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. Published: November 12, 2010; 5:00:01 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-1130 |
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot). Published: March 26, 2010; 4:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |