Page 19 of 144 results (0.011 seconds)

CVSS: 9.8EPSS: 2%CPEs: 40EXPL: 1

CVE-2016-6296 – php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c

https://notcve.org/view.php?id=CVE-2016-6296

Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function. Error de firma de entero en la función simplestring_addn en simplestring.c en xmlrpc-epi hasta la versión 0.54.2, tal como se utiliza en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24 y 7.x en versiones anteriores a 7.0.9, permite a atacantes remotos provocar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado a través de un primer argumento largo para la función xmlrpc_encode_request de PHP. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e6c48213c22ed50b2b987b479fcc1ac709394caa http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://openwall.com/lists/oss-security/2016/07/24/2 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3631 http://www.securityfocus.com/bid/92095 http://www.securitytracker.com/id/1036430 http://www.ubuntu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 8.8EPSS: 1%CPEs: 42EXPL: 1

CVE-2016-6297 – php: Stack-based buffer overflow vulnerability in php_stream_zip_opener

https://notcve.org/view.php?id=CVE-2016-6297

Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL. Desbordamiento de entero en la función php_stream_zip_opener en ext/zip/zip_stream.c en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24 y 7.x en versiones anteriores a 7.0.9 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de entero basado en pila) o posiblemente tener otro impacto no especificado a través de una URL zip:// manipulada. • http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=81406c0c1d45f75fcc7972ed974d2597abb0b9e9 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://openwall.com/lists/oss-security/2016/07/24/2 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3631 http://www.s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 6.5EPSS: 2%CPEs: 6EXPL: 0

CVE-2016-6207 – php,gd: Integer overflow error within _gdContributionsAlloc()

https://notcve.org/view.php?id=CVE-2016-6207

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. Desbordamiento de entero en la función _gdContributionsAlloc en gd_interpolation.c en GD Graphics Library (también conocida como libgd) en versiones anteriores a 2.2.3 permite a atacantes remotos causar una denegación de servicio (escritura de memoria fuera de límites o consumo de memoria) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3630 http://www.securityfocus.com/archive/1/539100/100/0/threaded http://www.securityfocus.com/bid/92080 http://www.securitytracker.com/id/1036535 http://www.ubuntu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 8.1EPSS: 17%CPEs: 3EXPL: 5

CVE-2016-5399 – PHP 5.5.37/5.6.23/7.0.8 - 'bzread()' Out-of-Bounds Write

https://notcve.org/view.php?id=CVE-2016-5399

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. La función bzread en ext/bz2/bz2.c en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24, y 7.x en versiones anteriores a 7.0.9 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de limites) o ejecutar código arbitrario a través de un archivo bz2 manipulado. A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application. PHP versions 7.0.8, 5.6.23, and 5.5.37 suffers from an out-of-bounds write vulnerability in bzread(). • https://www.exploit-db.com/exploits/40155 http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2598.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://seclists.org/fulldisclosure/2016/Jul/72 http://www.debian.org/security/2016/dsa-3631 http://www.openwall.com/lists/oss-security/2016/07/21/1 http:/&#x • CWE-390: Detection of Error Condition Without Action CWE-787: Out-of-bounds Write •

CVSS: 8.1EPSS: 92%CPEs: 21EXPL: 0

CVE-2016-5385 – PHP: sets environmental variable based on user supplied Proxy request header

https://notcve.org/view.php?id=CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. PHP hasta la versión 7.0.8 no intenta abordar los conflictos de espacio de nombres de RFC 3875 sección 4.1.18 y por lo tanto no protege aplicaciones de la presencia de datos de clientes no confiables en ambiente variable de HTTP_PROXY, lo que ppodría permitir a atacantes remotos redireccionar el tráfico HTTP saliente de una aplicación a un servidor proxy arbitrario través de una cabecera Proxy manipulada en una petición HTTP, según lo demostrado por (1) una aplicación que hace una llamada getenv('HTTP_PROXY') o (2) una configuración CGI de PHP, también conocido como problema "httpoxy". It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html http://rhn.redhat.com/errata/RHSA-2016-1609.html http://rhn.redhat.com/errata/RHSA-2016-1610.html http://rhn.redhat.com/errata/RHSA-2016-1611.html http://rhn.redhat.com/errata/RHSA-2016-1612.html http://rhn.redhat.com/errata/RHSA-2016-1613.html http://www.debian.org/security/2016/dsa-3631 http://www.kb.cert.org/vuls/id/797896 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •