CVSS: 7.5EPSS: 4%CPEs: 66EXPL: 0CVE-2015-6838 – php: NULL pointer dereference in XSLTProcessor class
https://notcve.org/view.php?id=CVE-2015-6838
15 Sep 2015 — The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. La función xsl_function_p... • http://php.net/ChangeLog-5.php • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 39%CPEs: 63EXPL: 2CVE-2015-6835 – PHP Session Deserializer - Use-After-Free
https://notcve.org/view.php?id=CVE-2015-6835
15 Sep 2015 — The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content. La sesión deserializer en PHP en versiones anteriores a 5.4.45, 5.5.x en versiones anteriores a 5.5.29 y 5.6.x en versiones anteriores a 5.6.13 no es correctamente manejada en llamadas multiples php_var_unserialize, lo que permite a atacantes ... • https://www.exploit-db.com/exploits/38123 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 5CVE-2015-6497 – Magento 1.9.2 File Inclusion
https://notcve.org/view.php?id=CVE-2015-6497
14 Sep 2015 — The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap. La función create en el archivo app/code/core/Mage/Catalog/Model/Product/Api/V2.php en Magento Community Edition (CE) versiones anteriores a 1.9.2.1 y Enterprise Edition (EE) versi... • https://packetstorm.news/files/id/133544 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 10%CPEs: 59EXPL: 0CVE-2015-5589 – php: segmentation fault in Phar::convertToData on invalid file
https://notcve.org/view.php?id=CVE-2015-5589
27 Aug 2015 — The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call. La función phar_convert_to_other en ext/phar_objetc.c en PHP en versiones anteriores a 5.4.43, 5.5.x en versiones anteriores a ... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=bf58162ddf970f63502837f366930e44d6a992cf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 56EXPL: 1CVE-2015-5590 – php: buffer overflow and stack smashing error in phar_fix_filepath
https://notcve.org/view.php?id=CVE-2015-5590
27 Aug 2015 — Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension. Desbordamiento de buffer basado en pila en la función phar_fix_filepath en ext/phar/phar.c en PHP en versiones anteriores a 5.4.43, 5.5.x en versiones anteriores... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=6dedeb40db13971af45276f80b5375030aa7e76f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 8%CPEs: 38EXPL: 1CVE-2015-4642 – Gentoo Linux Security Advisory 201606-10
https://notcve.org/view.php?id=CVE-2015-4642
20 Jul 2015 — The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. La función escapeshellarg en ext/standard/exec.c en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anteriores a 5.6.10 en Windows permite a atacantes remotos eje... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 5%CPEs: 39EXPL: 0CVE-2015-4644 – php: NULL pointer dereference in php_pgsql_meta_data()
https://notcve.org/view.php?id=CVE-2015-4644
07 Jul 2015 — The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. La función php_pgsql_meta_data en pgsql.c en la extensión PostgreSQL (también conocida como pgsq... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 12%CPEs: 27EXPL: 1CVE-2015-4643 – php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022)
https://notcve.org/view.php?id=CVE-2015-4643
07 Jul 2015 — Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. Desbordamiento de entero en la función ftp_genlist en ext/ftp/ftp.c en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anter... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 41EXPL: 1CVE-2015-3411 – php: missing null byte checks for paths in various PHP extensions
https://notcve.org/view.php?id=CVE-2015-3411
23 Jun 2015 — PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. PHP en versiones... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=4435b9142ff9813845d5c97ab29a5d637bedb257 • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 5.3EPSS: 0%CPEs: 41EXPL: 1CVE-2015-3412 – php: missing null byte checks for paths in various PHP extensions
https://notcve.org/view.php?id=CVE-2015-3412
23 Jun 2015 — PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. PHP en versiones anteriores a 5.5.40, 5.5.x en versiones an... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=4435b9142ff9813845d5c97ab29a5d637bedb257 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features CWE-626: Null Byte Interaction Error (Poison Null Byte) •