CVE-2010-3710

Related Files

HP Security Bulletin HPSBOV02763 SSRT100826

Posted Apr 17, 2012

Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02763 SSRT100826 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, privilege escalation, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

tags | advisory, web, denial of service, php, vulnerability

advisories | CVE-2006-7243, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2484, CVE-2010-2531, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4150, CVE-2010-4645, CVE-2010-4697, CVE-2010-4698, CVE-2011-0421, CVE-2011-0708, CVE-2011-0752, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1938, CVE-2011-2202, CVE-2011-4885

SHA-256 | ed9a5902d9c99aabc1fc739a0ec49b2e95fcbd6c58b9ceb14b8f6abcfe7fb2bc

Download | Favorite | View

Debian Security Advisory 2195-1

Posted Mar 21, 2011

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2195-1 - Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system (CVE-2011-0441).

tags | advisory, arbitrary, php

systems | linux, debian

advisories | CVE-2011-0441, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4150

SHA-256 | 8c976ecd8159b97b81ceda7096250bcdba228218460a2b386797c24f18912b61

Download | Favorite | View

Ubuntu Security Notice USN-1042-1

Posted Jan 12, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1042-1 - Various issues have been addressed with php5. It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that the XML UTF-8 decoding code did not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that attackers might be able to bypass open_basedir() restrictions by passing a specially crafted filename. Other issues Maksymilian Arciemowicz discovered that a NULL pointer derefence in the ZIP archive handling code could allow an attacker to cause a denial of service through a specially crafted ZIP archive.

tags | advisory, denial of service, overflow, xss

systems | linux, ubuntu

advisories | CVE-2009-5016, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4156, CVE-2010-4409, CVE-2010-4645

SHA-256 | 913a13e39a2c89b9d6470dae0fbd06dbbb46dd11bfc6b11630757c337688701f

Download | Favorite | View

Mandriva Linux Security Advisory 2010-218

Posted Nov 2, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-218 - Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service via a long e-mail address string. A NULL pointer dereference was discovered in ZipArchive::getArchiveComment. A possible flaw was discovered in open_basedir.

tags | advisory, remote, denial of service, php

systems | linux, mandriva

advisories | CVE-2010-3710, CVE-2010-3709, CVE-2010-3436

SHA-256 | 37d3774ae0de303318f0471adca3f67d29f0f7aa433586ad23ec8e9b8b0107b3

Download | Favorite | View