CVSS: 9.8EPSS: 33%CPEs: 65EXPL: 1CVE-2015-4024 – php: multipart/form-data request parsing CPU usage DoS
https://notcve.org/view.php?id=CVE-2015-4024
09 Jun 2015 — Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. Vulnerabilidad de complejidad algorítmica en la función multipart_buffer_headers en main/rfc1867.c en PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 permiten a atacantes remotos ca... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVSS: 9.8EPSS: 4%CPEs: 59EXPL: 1CVE-2015-3307 – php: invalid pointer free() in phar_tar_process_metadata()
https://notcve.org/view.php?id=CVE-2015-3307
09 Jun 2015 — The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. La función phar_parse_metadata en ext/phar/phar.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permite a atacantes remotos causar una denegación de servicio (corrupción de metadatos de la memoria dinámica) o posibl... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 61EXPL: 0CVE-2015-4025 – php: regressions in 5.4+
https://notcve.org/view.php?id=CVE-2015-4025
09 Jun 2015 — PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 tr... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-19: Data Processing Errors CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 9.8EPSS: 3%CPEs: 61EXPL: 1CVE-2015-4026 – php: pcntl_exec() accepts paths with NUL character
https://notcve.org/view.php?id=CVE-2015-4026
09 Jun 2015 — The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. La implementación pcntl_exec en PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 trunca un nombre de ruta al... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-19: Data Processing Errors CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 9.8EPSS: 3%CPEs: 54EXPL: 3CVE-2015-4148 – SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration
https://notcve.org/view.php?id=CVE-2015-4148
04 Jun 2015 — The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue. La función do_soap_call en ext/soap/soap.c en PHP anterior a 5.4.39, 5.5.x anterior a 5.5.23, y 5.6.x anterior a 5.6.7 no verifica que la propiedad uri es una cadena, lo que permite a atacant... • https://www.exploit-db.com/exploits/38304 • CWE-20: Improper Input Validation CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 34%CPEs: 54EXPL: 2CVE-2015-4147 – php: SoapClient's __call() type confusion through unserialize()
https://notcve.org/view.php?id=CVE-2015-4147
04 Jun 2015 — The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue. El método SoapClient::__call en ext/soap/soap.c en PHP anterior a 5.4.39, 5.5.x anterior a 5.5.23, y 5.6.x anterior a 5.6.7 no verifica que __default_headers es un array, lo que permite... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-19: Data Processing Errors CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 3%CPEs: 58EXPL: 1CVE-2015-2783 – php: buffer over-read in Phar metadata parsing
https://notcve.org/view.php?id=CVE-2015-2783
20 Apr 2015 — ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. ext/phar/phar.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permite a atacantes remotos obte... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 6%CPEs: 61EXPL: 1CVE-2015-3330 – php: pipelined request executed in deinitialized interpreter under httpd 2.4
https://notcve.org/view.php?id=CVE-2015-3330
20 Apr 2015 — The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." La función php_handler en sapi/apache2handler/sapi_apache2.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8, cuando Apache HTTP S... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7 • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 45%CPEs: 67EXPL: 1CVE-2015-3329 – php: buffer overflow in phar_set_inode()
https://notcve.org/view.php?id=CVE-2015-3329
20 Apr 2015 — Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. Múltiples desbordamientos de buffer basado en pila en la función phar_set_inode en phar_internal.h en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permiten a atacantes remotos ejecutar código arbitrario a travé... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 17%CPEs: 66EXPL: 1CVE-2015-2787 – php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
https://notcve.org/view.php?id=CVE-2015-2787
30 Mar 2015 — Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. Vulnerabilidad de uso después de liberación en la función process_nested_data en ext/standard/var_unserializer.re en PHP anterior a 5.4.39, 5.5.x anterior a 5.5... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-416: Use After Free •