Vulnerabilities > PHP > PHP > 5.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-05-27 | CVE-2010-2093 | Resource Management Errors vulnerability in PHP Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs. | 5.0 |
2010-05-12 | CVE-2010-1917 | Resource Management Errors vulnerability in PHP Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string. | 5.0 |
2010-05-12 | CVE-2010-1915 | Information Exposure vulnerability in PHP The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. | 5.0 |
2010-05-12 | CVE-2010-1914 | Information Exposure vulnerability in PHP The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. | 5.0 |
2010-05-07 | CVE-2010-1868 | Code Injection vulnerability in PHP The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. | 7.5 |
2010-05-07 | CVE-2010-1866 | Integer Overflow or Wraparound vulnerability in multiple products The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. | 9.8 |
2010-05-07 | CVE-2010-1864 | Information Exposure vulnerability in PHP The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | 5.0 |
2010-05-07 | CVE-2010-1862 | Information Exposure vulnerability in PHP The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | 5.0 |
2010-05-07 | CVE-2010-1861 | Resource Management Errors vulnerability in PHP The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource. | 6.4 |
2010-05-07 | CVE-2010-1860 | Information Exposure vulnerability in PHP The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature. | 5.0 |