CVSS: 8.1EPSS: 17%CPEs: 3EXPL: 5CVE-2016-5399 – PHP 5.5.37/5.6.23/7.0.8 - 'bzread()' Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2016-5399
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. La función bzread en ext/bz2/bz2.c en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24, y 7.x en versiones anteriores a 7.0.9 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de limites) o ejecutar código arbitrario a través de un archivo bz2 manipulado. A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application. PHP versions 7.0.8, 5.6.23, and 5.5.37 suffers from an out-of-bounds write vulnerability in bzread(). • https://www.exploit-db.com/exploits/40155 http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2598.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://seclists.org/fulldisclosure/2016/Jul/72 http://www.debian.org/security/2016/dsa-3631 http://www.openwall.com/lists/oss-security/2016/07/21/1 http:/&#x • CWE-390: Detection of Error Condition Without Action CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 22%CPEs: 22EXPL: 3CVE-2016-6174 – IPS Community Suite 4.1.12.3 - PHP Code Injection
https://notcve.org/view.php?id=CVE-2016-6174
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter. applications/core/modules/front/system/content.php en Invision Power Services IPS Community Suite (también conocido como Invision Power Board, IPB o Power Board) en versiones anteriores a 4.1.13, cuando se utiliza con PHP en versiones anteriores a 5.4.24 o 5.5.x en versiones anteriores a 5.5.8, permite a atacantes remotos ejecutar código arbitrario a través del parámetro content_class. IPS Community Suite versions 4.1.12.3 and below suffer from a remote PHP code injection vulnerability. • https://www.exploit-db.com/exploits/40084 http://karmainsecurity.com/KIS-2016-11 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.html http://seclists.org/fulldisclosure/2016/Jul/19 http://www.securityfocus.com/bid/91732 https://invisionpower.com/release-notes/4113-r44 https://support.apple.com/HT207170 •
CVSS: 9.8EPSS: 5%CPEs: 40EXPL: 0CVE-2016-5769
https://notcve.org/view.php?id=CVE-2016-5769
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions. Múltiples desbordamientos de entero en mcrypt.c en la extensión mcrypt en PHP en versiones anteriores a 5.5.37, 5.6.x en versiones anteriores a 5.6.23 y 7.x en versiones anteriores a 7.0.8 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de aplicación) o posiblemente tener otro impacto no especificado a través de un valor de longitud manipulado, relacionado con las funciones (1) mcrypt_generic y (2) mdecrypt_generic. • http://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0?w=1 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.debian.org/security/2016/dsa-3618 http://www. • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 24%CPEs: 62EXPL: 2CVE-2016-5766 – gd: Integer overflow in _gd2GetHeader() resulting in heap overflow
https://notcve.org/view.php?id=CVE-2016-5766
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. Desbordamiento de entero en la función _gd2GetHeader en gd_gd2.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.3, como se utiliza en PHP en versiones anteriores a 5.5.37, 5.6.x en versiones anteriores a 5.6.23 y 7.x en versiones anteriores a 7.0.8, permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de aplicación) o posiblemente tener otro impacto no especificado a través de dimensiones del pedazo en una imagen manipulada. An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image. • http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1 http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2598.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/securit • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 4%CPEs: 41EXPL: 0CVE-2016-5767 – gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
https://notcve.org/view.php?id=CVE-2016-5767
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions. Desbordamiento de entero en la función gdImageCreate en gd.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.0.34RC1, como se utiliza en PHP en versiones anteriores a 5.5.37, 5.6.x en versiones anteriores a 5.6.23 y 7.x en versiones anteriores a 7.0.8 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de aplicación) o posiblemente tener otro impacto no especificado a través de dimensiones de imagen manipuladas. An integer overflow flaw, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted image buffer. • http://github.com/php/php-src/commit/c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6?w=1 http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2598.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.openwall.com/lists • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •