Page 18 of 138 results (0.036 seconds)

CVSS: 10.0EPSS: 4%CPEs: 39EXPL: 1

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. El método SoapFault::__toString en ext/soap/soap.c en PHP en versiones anteriores a 5.4.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8 permite a atacantes remotos obtener información sensible, provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un tipo de dato no esperado, relacionado con un caso "type confusion". Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=51856a76f87ecb24fe1385342be43610fb6c86e4 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75251 http://www.securitytracker.com/id/1032709 https://bugs.php.net/bug.php?id=69152 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 6.5EPSS: 0%CPEs: 41EXPL: 1

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. PHP en versiones anteriores a 5.4.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8 no asegura que los nombres de ruta carezcan de la secuencia %00, lo que podría permitir a atacantes remotos leer o escribir archivos arbitrarios a través de entrada manipulada para una aplicación que llama a (1) un método de carga DOMDocument, (2) la función xmlwriter_open_uri, (3) la función finfo_file o (4) la función hash_hmac_file, según lo demostrado mediante un ataque filename\0.xml que elude una configuración prevista en la que los usuarios cliente pueden leer solamente archivos .xml. It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=4435b9142ff9813845d5c97ab29a5d637bedb257 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75255 http://www.securitytracker.com/id/1032709 ht • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •

CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 0

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files. PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anteriores a 5.6.10 no asegura que los nombres de ruta carezcan de la secuencia %00, lo que podría permitir a atacantes remotos leer o escribir archivos arbitrarios a través de entrada manipulada para una aplicación que llama a (1) un método para guardar DOMDocument o (2) la función imagepsloadfont GD, según lo demostrado mediante un ataque filename\0.html que elude una configuración prevista en la que los usuarios cliente pueden escribir solamente en archivos .html. It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. • http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://rhn.redhat.com/errata/RHSA-2015-1219.html http://www.debian.org/security/2015/dsa-3344 http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •

CVSS: 5.3EPSS: 1%CPEs: 41EXPL: 1

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. PHP en versiones anteriores a 5.5.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8 no asegura que los nombres de ruta carezcan de secuencia %00, lo que permite a atacantes remotos leer archivos arbitrarios a través de una entrada manipulada que llama a la función stream_resolve_include_path en ext/standard/streamsfuncs.c, como se demuestra con un ataque filename\0.extension que eluce una configuración deseada en la que los usuarios cliente pueden leer archivos con sólo una extensión específica. It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=4435b9142ff9813845d5c97ab29a5d637bedb257 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75250 http://www.securitytracker.com/id/1032709 ht • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features CWE-626: Null Byte Interaction Error (Poison Null Byte) •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 2

Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm. Automatic Bug Reporting Tool (ABRT) permite a usuarios locales leer, cambiar la propiedad o realizar otras acciones no especificada en archivos arbitrarios mediante symlink attack en (1) / var / tmp / abrt / * / maps, (2) / tmp /jvm-*/hs_error.log, (3) / proc / * / exe, (4) / etc / os-release en un chroot, o (5) un directorio raíz no especificado relacionado con librpm. It was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use either of these flaws to potentially escalate their privileges on the system. • https://www.exploit-db.com/exploits/36747 https://www.exploit-db.com/exploits/44097 http://rhn.redhat.com/errata/RHSA-2015-1083.html http://rhn.redhat.com/errata/RHSA-2015-1210.html http://www.openwall.com/lists/oss-security/2015/04/14/4 http://www.openwall.com/lists/oss-security/2015/04/16/12 http://www.securityfocus.com/bid/75117 https://bugzilla.redhat.com/show_bug.cgi?id=1211835 https://github.com/abrt/abrt/commit/17cb66b13997b0159b4253b3f5722db79f476d68 https:/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •