Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2010-3709 | 4.3 |
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
|
13-02-2023 - 04:25 | 09-11-2010 - 01:00 | |
CVE-2010-3436 | 5.0 |
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.
|
01-09-2022 - 16:32 | 09-11-2010 - 01:00 | |
CVE-2006-7243 | 5.0 |
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argum
|
30-10-2018 - 16:26 | 18-01-2011 - 20:00 | |
CVE-2011-0752 | 5.0 |
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions b
|
30-10-2018 - 16:26 | 02-02-2011 - 22:00 | |
CVE-2010-4150 | 5.0 |
Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via
|
19-09-2017 - 01:31 | 07-12-2010 - 22:00 | |
CVE-2010-3710 | 4.3 |
Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) v
|
23-08-2016 - 02:02 | 25-10-2010 - 20:01 | |
CVE-2010-2950 | 6.8 |
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not pr
|
04-05-2011 - 02:49 | 28-09-2010 - 18:00 |