- Home
- CVEs with nessus.description==According to its banner, the version of PHP 5.2 installed on the
remote host is older than 5.2.14. Such versions may be affected by
several security issues :
- An error exists when processing invalid XML-RPC
requests that can lead to a NULL pointer
dereference. (bug #51288) (CVE-2010-0397)
- An error exists in the function 'fnmatch' that can lead
to stack exhaustion.
- An error exists in the sqlite extension that could
allow arbitrary memory access.
- A memory corruption error exists in the function
'substr_replace'.
- The following functions are not properly protected
against function interruptions :
addcslashes, chunk_split, html_entity_decode,
iconv_mime_decode, iconv_substr, iconv_mime_encode,
htmlentities, htmlspecialchars, str_getcsv,
http_build_query, strpbrk, strstr, str_pad,
str_word_count, wordwrap, strtok, setcookie,
strip_tags, trim, ltrim, rtrim, parse_str, pack, unpack,
uasort, preg_match, strrchr, strchr, substr, str_repeat
(CVE-2010-1860, CVE-2010-1862, CVE-2010-1864,
CVE-2010-2097, CVE-2010-2100, CVE-2010-2101,
CVE-2010-2190, CVE-2010-2191, CVE-2010-2484)
- The following opcodes are not properly protected
against function interruptions :
ZEND_CONCAT, ZEND_ASSIGN_CONCAT, ZEND_FETCH_RW
(CVE-2010-2191)
- The default session serializer contains an error
that can be exploited when assigning session
variables having user defined names. Arbitrary
serialized values can be injected into sessions by
including the PS_UNDEF_MARKER, '!', character in
variable names.
- A use-after-free error exists in the function
'spl_object_storage_attach'. (CVE-2010-2225)
- An information disclosure vulnerability exists in the
function 'var_export' when handling certain error
conditions. (CVE-2010-2531)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top