Vulnerabilities > PHP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-05-07 | CVE-2010-1861 | Resource Management Errors vulnerability in PHP The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource. | 6.4 |
| 2010-05-07 | CVE-2010-1860 | Information Exposure vulnerability in PHP The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature. | 5.0 |
| 2010-03-26 | CVE-2010-1130 | Permissions, Privileges, and Access Controls vulnerability in PHP session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. | 5.0 |
| 2010-03-26 | CVE-2010-1128 | Cryptographic Issues vulnerability in PHP The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function. | 6.4 |
| 2010-03-16 | CVE-2010-0397 | Remote Denial of Service vulnerability in PHP 5.3.1 The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument. | 5.0 |
| 2009-12-24 | CVE-2009-4418 | Numeric Errors vulnerability in PHP The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences. | 5.0 |
| 2009-12-21 | CVE-2009-4142 | Cross-Site Scripting vulnerability in PHP The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. | 4.3 |
| 2009-12-01 | CVE-2009-2626 | Information Disclosure vulnerability in PHP 'ini_restore()' Memory The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. | 6.4 |
| 2009-11-23 | CVE-2009-3558 | Permissions, Privileges, and Access Controls vulnerability in PHP The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file. | 6.8 |
| 2009-11-23 | CVE-2009-3557 | Permissions, Privileges, and Access Controls vulnerability in PHP The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments. | 5.0 |