Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2011-2483 | 5.0 |
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext passwo
|
25-10-2023 - 20:23 | 25-08-2011 - 14:22 | |
CVE-2011-2202 | 6.4 |
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwr
|
30-10-2018 - 16:26 | 16-06-2011 - 23:55 | |
CVE-2011-1464 | 4.3 |
Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argumen
|
30-10-2018 - 16:26 | 20-03-2011 - 02:00 | |
CVE-2011-1092 | 7.5 |
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.
|
30-10-2018 - 16:26 | 15-03-2011 - 17:55 | |
CVE-2011-0421 | 4.3 |
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer derefer
|
30-10-2018 - 16:26 | 20-03-2011 - 02:00 | |
CVE-2011-1148 | 7.5 |
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple
|
30-10-2018 - 16:26 | 18-03-2011 - 15:55 | |
CVE-2011-0708 | 4.3 |
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buf
|
30-10-2018 - 16:26 | 20-03-2011 - 02:00 | |
CVE-2011-3268 | 10.0 |
Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.
|
29-08-2017 - 01:30 | 25-08-2011 - 18:55 | |
CVE-2011-3267 | 5.0 |
PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.
|
29-08-2017 - 01:30 | 25-08-2011 - 18:55 | |
CVE-2011-3189 | 4.3 |
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability tha
|
29-08-2017 - 01:30 | 25-08-2011 - 14:22 | |
CVE-2011-1938 | 7.5 |
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.
|
17-08-2017 - 01:34 | 31-05-2011 - 20:55 | |
CVE-2011-1153 | 7.5 |
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly e
|
17-08-2017 - 01:33 | 16-03-2011 - 22:55 |