Vulnerabilities > PHP > PHP > 5.3.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-11-03 | CVE-2011-4078 | Resource Management Errors vulnerability in Roundcube Webmail include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379. | 5.0 |
2011-11-03 | CVE-2011-3379 | Code Injection vulnerability in PHP 5.3.7/5.3.8 The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. | 7.5 |
2011-08-25 | CVE-2011-3189 | Cryptographic Issues vulnerability in PHP 5.3.7 The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483. | 4.3 |