Vulnerabilities > PHP > PHP > 5.3.7

DATE CVE VULNERABILITY TITLE RISK
2011-11-03 CVE-2011-4078 Resource Management Errors vulnerability in Roundcube Webmail
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379.
network
low complexity
roundcube php CWE-399
5.0
5.0
2011-11-03 CVE-2011-3379 Code Injection vulnerability in PHP 5.3.7/5.3.8
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
network
low complexity
php CWE-94
7.5
7.5
2011-08-25 CVE-2011-3189 Cryptographic Issues vulnerability in PHP 5.3.7
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.
network
php CWE-310
4.3
4.3