- Home
- CVEs with nessus.description==Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues :
- CVE-2011-1938 The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name.
- CVE-2011-2483 The crypt_blowfish function did not properly handle 8-bit characters, which made it easier for attackers to determine a cleartext password by using knowledge of a password hash.
- CVE-2011-4566 When used on 32 bit platforms, the exif extension could be used to trigger an integer overflow in the exif_process_IFD_TAG function when processing a JPEG file.
- CVE-2011-4885 It was possible to trigger hash collisions predictably when parsing form parameters, which allows remote attackers to cause a denial of service by sending many crafted parameters.
- CVE-2012-0057 When applying a crafted XSLT transform, an attacker could write files to arbitrary places in the filesystem.
NOTE: the fix for CVE-2011-2483 required changing the behaviour of this function: it is now incompatible with some old (wrongly) generated hashes for passwords containing 8-bit characters. See the package NEWS entry for details. This change has not been applied to the Lenny version of PHP.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top