CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 5CVE-2015-6497 – Magento 1.9.2 File Inclusion
https://notcve.org/view.php?id=CVE-2015-6497
14 Sep 2015 — The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap. La función create en el archivo app/code/core/Mage/Catalog/Model/Product/Api/V2.php en Magento Community Edition (CE) versiones anteriores a 1.9.2.1 y Enterprise Edition (EE) versi... • https://packetstorm.news/files/id/133544 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 59EXPL: 0CVE-2015-5589 – php: segmentation fault in Phar::convertToData on invalid file
https://notcve.org/view.php?id=CVE-2015-5589
27 Aug 2015 — The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call. La función phar_convert_to_other en ext/phar_objetc.c en PHP en versiones anteriores a 5.4.43, 5.5.x en versiones anteriores a ... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=bf58162ddf970f63502837f366930e44d6a992cf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 56EXPL: 1CVE-2015-5590 – php: buffer overflow and stack smashing error in phar_fix_filepath
https://notcve.org/view.php?id=CVE-2015-5590
27 Aug 2015 — Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension. Desbordamiento de buffer basado en pila en la función phar_fix_filepath en ext/phar/phar.c en PHP en versiones anteriores a 5.4.43, 5.5.x en versiones anteriores... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=6dedeb40db13971af45276f80b5375030aa7e76f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 38EXPL: 1CVE-2015-4642 – Gentoo Linux Security Advisory 201606-10
https://notcve.org/view.php?id=CVE-2015-4642
20 Jul 2015 — The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. La función escapeshellarg en ext/standard/exec.c en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anteriores a 5.6.10 en Windows permite a atacantes remotos eje... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 1CVE-2015-4643 – php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022)
https://notcve.org/view.php?id=CVE-2015-4643
07 Jul 2015 — Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. Desbordamiento de entero en la función ftp_genlist en ext/ftp/ftp.c en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anter... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 7%CPEs: 39EXPL: 0CVE-2015-4644 – php: NULL pointer dereference in php_pgsql_meta_data()
https://notcve.org/view.php?id=CVE-2015-4644
07 Jul 2015 — The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. La función php_pgsql_meta_data en pgsql.c en la extensión PostgreSQL (también conocida como pgsq... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 6%CPEs: 41EXPL: 1CVE-2015-4605 – php: denial of service when processing a crafted file with Fileinfo
https://notcve.org/view.php?id=CVE-2015-4605
23 Jun 2015 — The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. La función mcopy en softmagic.c en file 5.x, tal como se utiliza en el componente Fileinfo en PHP en versiones anter... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f938112c495b0d26572435c0be73ac0bfe642ecd • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 8%CPEs: 39EXPL: 1CVE-2015-4600 – php: type confusion issue in unserialize() with various SOAP methods
https://notcve.org/view.php?id=CVE-2015-4600
23 Jun 2015 — The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods. La implementac... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0c136a2abd49298b66acb0cad504f0f972f5bfe8 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 6%CPEs: 41EXPL: 1CVE-2015-4604 – php: denial of service when processing a crafted file with Fileinfo
https://notcve.org/view.php?id=CVE-2015-4604
23 Jun 2015 — The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. La función mget en softmagic.c en file 5.x, tal como se utiliza en el componente Fileinfo en PHP en versiones... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f938112c495b0d26572435c0be73ac0bfe642ecd • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 6%CPEs: 7EXPL: 0CVE-2015-4601 – php: type confusion issue in unserialize() with various SOAP methods
https://notcve.org/view.php?id=CVE-2015-4601
23 Jun 2015 — PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600. PHP en versiones anteriores a 5.6.7 podría permitir a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecuar código arbitrario a través de un tipo de dato... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0c136a2abd49298b66acb0cad504f0f972f5bfe8 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •