CVEs with nessus.description==

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues:

- CVE-2011-1938
  The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name.
- CVE-2011-2483
  The crypt_blowfish function did not properly handle 8-bit characters, which made it easier for attackers to determine a cleartext password by using knowledge of a password hash.
- CVE-2011-4566
  When used on 32 bit platforms, the exif extension could be used to trigger an integer overflow in the exif_process_IFD_TAG function when processing a JPEG file.
- CVE-2011-4885
  It was possible to trigger hash collisions predictably when parsing form parameters, which allows remote attackers to cause a denial of service by sending many crafted parameters.
- CVE-2012-0057
  When applying a crafted XSLT transform, an attacker could write files to arbitrary places in the filesystem.

NOTE: the fix for CVE-2011-2483 required changing the behaviour of this function: it is now incompatible with some old (wrongly) generated hashes for passwords containing 8-bit characters. See the package NEWS entry for details. This change has not been applied to the Lenny version of PHP.

| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |

| ID | CVSS | Summary | Last (major) update | Published |