Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2010-4156

Published: 10/11/2010 Updated: 04/05/2011
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x up to and including 5.3.3, allows context-dependent malicious users to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).

Vulnerable Product Search on Vulmon Subscribe to Product

scottmac libmbfl 1.1.0

Vendor Advisories

Debian CVElist Bug Report Logs: Three more security issues
Debian Bug report logs - #603751 Three more security issues Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Tue, 16 Nov 2010 22:33:02 UTC Severity: important ...
Ubuntu Security Notice: php5 vulnerabilities
It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections This issue only affected Ubuntu 606 LTS, Ubuntu 804 LTS, and Ubuntu 910 (CVE-2009-5016) ...

Exploits

Exploit DB: PHP 5.3.x - 'mb_strcut()' Information Disclosure
# source: wwwsecurityfocuscom/bid/44727/info # # PHP is prone to an information-disclosure vulnerability # # Attackers can exploit this issue to obtain sensitive information that may lead to further attacks # <?php $b = "bbbbbbbbbbb"; str_repeat("THIS IS A SECRET MESSAGE, ISN'T IT?", 1); $var3 = mb_strcut($b, 0, 1000); echo $var3; ? ...

References

CWE-20http://www.openwall.com/lists/oss-security/2010/11/07/2http://www.openwall.com/lists/oss-security/2010/11/08/13http://secunia.com/advisories/42135http://pastie.org/1279428http://pastie.org/1279682http://www.securityfocus.com/bid/44727http://www.mandriva.com/security/advisories?name=MDVSA-2010:225http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.htmlhttp://www.vupen.com/english/advisories/2011/0020http://www.ubuntu.com/usn/USN-1042-1http://www.php.net/ChangeLog-5.phphttp://www.vupen.com/english/advisories/2011/0077http://www.vupen.com/english/advisories/2011/0021http://secunia.com/advisories/42812http://www.redhat.com/support/errata/RHSA-2011-0196.htmlhttp://secunia.com/advisories/43189http://marc.info/?l=bugtraq&m=130331363227777&w=2https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603751https://nvd.nist.govhttps://usn.ubuntu.com/1042-1/https://www.exploit-db.com/exploits/34979/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367CVE-2024-3611CVE-2024-4947CVE-2024-32988CVE-2020-35165local file inclusionCVE-2024-4980bypassmalicious code‎
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook