Show filters
32 Total Results
Displaying 21-30 of 32
Sort by:
Attacker Value
Unknown

CVE-2011-0421

Disclosure Date: March 20, 2011 (last updated October 04, 2023)
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.
0
Attacker Value
Unknown

CVE-2011-1466

Disclosure Date: March 20, 2011 (last updated October 04, 2023)
Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.
0
Attacker Value
Unknown

CVE-2011-1467

Disclosure Date: March 20, 2011 (last updated October 04, 2023)
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.
0
Attacker Value
Unknown

CVE-2011-1469

Disclosure Date: March 20, 2011 (last updated October 04, 2023)
Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.
0
Attacker Value
Unknown

CVE-2011-1468

Disclosure Date: March 20, 2011 (last updated October 04, 2023)
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.
0
Attacker Value
Unknown

CVE-2011-0708

Disclosure Date: March 20, 2011 (last updated October 04, 2023)
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.
0
Attacker Value
Unknown

CVE-2011-1464

Disclosure Date: March 20, 2011 (last updated October 04, 2023)
Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.
0
Attacker Value
Unknown

CVE-2011-1092

Disclosure Date: March 15, 2011 (last updated October 04, 2023)
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.
0
Attacker Value
Unknown

CVE-2011-0755

Disclosure Date: February 02, 2011 (last updated October 04, 2023)
Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.
0
Attacker Value
Unknown

CVE-2006-7243

Disclosure Date: January 18, 2011 (last updated October 04, 2023)
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
0