Grzegorz Stachowiak

#8901de 53,635
30.7CVSS total
Vulnerabilidades · 5
Média
4
Alta
1
PT-2010-2844
6.4
2010-03-26
Php · Php · CVE-2010-1128
**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.2.13 **Description** The Linear Congruential Generator (LCG) in PHP does not provide the expected entropy, making it easier for attackers to guess values that were intended to be unpredictable, such as session cookies generated by the uniqid function. **Recommendations** For versions prior to 5.2.13, update to version 5.2.13 or later to resolve the issue.
PT-2010-2845
7.5
2010-03-26
Php · Php · CVE-2010-1129
**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.2.13 **Description** The issue arises from the safe mode implementation not properly handling directory pathnames without a trailing slash, allowing attackers to bypass access restrictions through vectors related to the tempnam function. **Recommendations** For versions prior to 5.2.13, update to version 5.2.13 or later to resolve the issue.
PT-2010-2846
5.0
2010-03-26
Php · Php · CVE-2010-1130
**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.2.13 PHP versions prior to 5.3.1 **Description** The issue allows context-dependent attackers to bypass open basedir and safe mode restrictions. This is achieved by providing an argument to the session save path function that contains multiple ; characters in conjunction with a .. (dot dot), which is not properly interpreted by the session.c in the session extension. **Recommendations** For PHP versions prior to 5.2.13, update to version 5.2.13 or later to resolve the issue. For PHP versions prior to 5.3.1, update to version 5.3.1 or later to resolve the issue.
PT-2009-5843
5.0
2009-11-23
Php · Php · CVE-2009-3557
**Name of the Vulnerable Software and Affected Versions** PHP versions 5.2.11 and earlier PHP versions 5.3.x before 5.3.1 **Description** The issue allows context-dependent attackers to bypass safe mode restrictions and create files in group-writable or world-writable directories via the `dir` and `prefix` arguments in the `tempnam` function. **Recommendations** For PHP versions 5.2.11 and earlier, update to version 5.2.12 or later. For PHP versions 5.3.x before 5.3.1, update to version 5.3.1 or later.
PT-2009-5844
6.8
2009-11-23
Php · Php · CVE-2009-3558
**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.2.12 PHP versions 5.3.x prior to 5.3.1 **Description** The issue allows context-dependent attackers to bypass open basedir restrictions and create FIFO files via the `pathname` and `mode` arguments in the `posix mkfifo` function. This can be demonstrated by creating a .htaccess file. **Recommendations** For PHP versions prior to 5.2.12, update to version 5.2.12 or later. For PHP versions 5.3.x prior to 5.3.1, update to version 5.3.1 or later.