CVSS: 9.8EPSS: 8%CPEs: 48EXPL: 0CVE-2014-9652 – file: out of bounds read in mconvert()
https://notcve.org/view.php?id=CVE-2014-9652
17 Feb 2015 — The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. La función mconvert en softmagic.c en file anterior a 5.21, utilizado en el componente Fileinfo en PHP an... • http://bugs.gw.com/view.php?id=398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 6EXPL: 0CVE-2014-9621 – Ubuntu Security Notice USN-3686-1
https://notcve.org/view.php?id=CVE-2014-9621
21 Jan 2015 — The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. El analizador ELF en file 5.16 hasta 5.21 permite a atacantes remotos causar una denegación de servicio a través de una cadena larga. Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 5%CPEs: 14EXPL: 0CVE-2014-9620 – file: limit the number of ELF notes processed
https://notcve.org/view.php?id=CVE-2014-9620
21 Jan 2015 — The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. El analizador ELF en file 5.08 hasta 5.21 permite a atacantes remotos causar una denegación de servicio a través de un número grande de notas. A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. Alexander C... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 7%CPEs: 7EXPL: 0CVE-2014-8117 – file: denial of service issue (resource consumption)
https://notcve.org/view.php?id=CVE-2014-8117
10 Dec 2014 — softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. softmagic.c en archivo anterior a 5.21 no limita adecuadamente el límite de recursividad, esto permite a atacantes remotos, provocar una denegación de servicio (consumo de CPU o rotura) mediante vectores no especificados. A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-399: Resource Management Errors CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 6%CPEs: 7EXPL: 0CVE-2014-8116 – file: multiple denial of service issues (resource consumption)
https://notcve.org/view.php?id=CVE-2014-8116
10 Dec 2014 — The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. El intérprete ELF (readelf.c) en versiones anteriores a 5.21, permite a atacantes remotos, provocar una denegaci?o de servicio (consumo de CPU o rotura) mediante un número largo de (1) programa o (2) cabeceras de sección o (3) capacidades no válidas. Multiple flaws were found in the way the File In... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-399: Resource Management Errors CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 79%CPEs: 3EXPL: 2CVE-2014-8739 – Creative Contact Form < 1.0.0 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-8739
23 Oct 2014 — Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. Una vulnerabilidad de carga de archivos sin res... • https://www.exploit-db.com/exploits/36811 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5199 – WordPress File Upload < 2.4.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-5199
08 Aug 2014 — Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad de CSRF en el plugin WordPress File Upload (wp-file-upload) anterior a 2.4.2 para WordPress permite a atacantes remotos secuestrar la autenticación de administra... • http://secunia.com/advisories/60520 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2014-3479 – file: cdf_check_stream_offset insufficient boundary check
https://notcve.org/view.php?id=CVE-2014-3479
09 Jul 2014 — The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. La función cdf_check_stream_offset en cdf.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, depende de datos de tamaño de sectores incorrect... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2014-3480 – file: cdf_count_chain insufficient boundary check
https://notcve.org/view.php?id=CVE-2014-3480
09 Jul 2014 — The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. La función cdf_count_chain function en cdf.c en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, no valida debidamente datos de la cuenta de sectores, lo que permi... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2014-3487 – file: cdf_read_property_info insufficient boundary check
https://notcve.org/view.php?id=CVE-2014-3487
09 Jul 2014 — The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. La función cdf_read_property_info en file anterior a 5.19, utilizado en el componente Fileinfo en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14, no valida debidamente un desplazamiento de flujo, lo que permite a atacantes remo... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •