CVSS: 7.5EPSS: 2%CPEs: 60EXPL: 0CVE-2015-6836 – php: SOAP serialize_function_call() type confusion
https://notcve.org/view.php?id=CVE-2015-6836
15 Sep 2015 — The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function. El método SoapClient __call en ext/soap/soap.c en PHP en versiones anteriores a 5.4.45, 5.5.x en versiones anteriores a 5.5.29 y 5.6.x en versiones anteriores a 5.6.13 no maneja adecuadamente las cabeceras... • http://www.debian.org/security/2015/dsa-3358 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 3%CPEs: 66EXPL: 0CVE-2015-6837 – php: NULL pointer dereference in XSLTProcessor class
https://notcve.org/view.php?id=CVE-2015-6837
15 Sep 2015 — The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. La función xsl_function_php e... • http://php.net/ChangeLog-5.php • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 5CVE-2015-6497 – Magento 1.9.2 File Inclusion
https://notcve.org/view.php?id=CVE-2015-6497
14 Sep 2015 — The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap. La función create en el archivo app/code/core/Mage/Catalog/Model/Product/Api/V2.php en Magento Community Edition (CE) versiones anteriores a 1.9.2.1 y Enterprise Edition (EE) versi... • https://packetstorm.news/files/id/133544 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 9%CPEs: 59EXPL: 0CVE-2015-5589 – php: segmentation fault in Phar::convertToData on invalid file
https://notcve.org/view.php?id=CVE-2015-5589
27 Aug 2015 — The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call. La función phar_convert_to_other en ext/phar_objetc.c en PHP en versiones anteriores a 5.4.43, 5.5.x en versiones anteriores a ... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=bf58162ddf970f63502837f366930e44d6a992cf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 56EXPL: 1CVE-2015-5590 – php: buffer overflow and stack smashing error in phar_fix_filepath
https://notcve.org/view.php?id=CVE-2015-5590
27 Aug 2015 — Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension. Desbordamiento de buffer basado en pila en la función phar_fix_filepath en ext/phar/phar.c en PHP en versiones anteriores a 5.4.43, 5.5.x en versiones anteriores... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=6dedeb40db13971af45276f80b5375030aa7e76f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 8%CPEs: 38EXPL: 1CVE-2015-4642 – Gentoo Linux Security Advisory 201606-10
https://notcve.org/view.php?id=CVE-2015-4642
20 Jul 2015 — The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. La función escapeshellarg en ext/standard/exec.c en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anteriores a 5.6.10 en Windows permite a atacantes remotos eje... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 12%CPEs: 39EXPL: 0CVE-2015-4644 – php: NULL pointer dereference in php_pgsql_meta_data()
https://notcve.org/view.php?id=CVE-2015-4644
07 Jul 2015 — The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. La función php_pgsql_meta_data en pgsql.c en la extensión PostgreSQL (también conocida como pgsq... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 10%CPEs: 27EXPL: 1CVE-2015-4643 – php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022)
https://notcve.org/view.php?id=CVE-2015-4643
07 Jul 2015 — Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. Desbordamiento de entero en la función ftp_genlist en ext/ftp/ftp.c en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anter... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 15%CPEs: 41EXPL: 1CVE-2015-4604 – php: denial of service when processing a crafted file with Fileinfo
https://notcve.org/view.php?id=CVE-2015-4604
23 Jun 2015 — The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. La función mget en softmagic.c en file 5.x, tal como se utiliza en el componente Fileinfo en PHP en versiones... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f938112c495b0d26572435c0be73ac0bfe642ecd • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 41EXPL: 1CVE-2015-3411 – php: missing null byte checks for paths in various PHP extensions
https://notcve.org/view.php?id=CVE-2015-3411
23 Jun 2015 — PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. PHP en versiones... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=4435b9142ff9813845d5c97ab29a5d637bedb257 • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •