Description
It was discovered that the PHP XSL extension did not restrict the file
writing capability of libxslt. A remote attacker could use this flaw to
create or overwrite an arbitrary file that is writable by the user running
PHP, if a PHP script processed untrusted eXtensible Style Sheet Language
Transformations (XSLT) content. (CVE-2012-0057)
A flaw was found in the way PHP validated file names in file upload
requests. A remote attacker could possibly use this flaw to bypass the
sanitization of the uploaded file names, and cause a PHP script to store
the uploaded file in an unexpected directory, by using a directory
traversal attack. (CVE-2012-1172)
It was discovered that the fix for CVE-2012-1823, released via
RHSA-2012:0546, did not properly filter all php-cgi command line arguments.
A specially-crafted request to a PHP script could cause the PHP interpreter
to output usage information that triggers an Internal Server Error.
(CVE-2012-2336)
A memory leak flaw was found in the PHP strtotime() function call. A remote
attacker could possibly use this flaw to cause excessive memory consumption
by triggering many strtotime() function calls. (CVE-2012-0789)
It was found that PHP did not check the zend_strndup() function's return
value in certain cases. A remote attacker could possibly use this flaw to
crash a PHP application. (CVE-2011-4153)