CVSS: 7.5EPSS: 14%CPEs: 7EXPL: 1CVE-2015-1351 – php: use after free in opcache extension
https://notcve.org/view.php?id=CVE-2015-1351
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en la función _zend_shared_memdup en zend_shared_alloc.c en la extensión OPcache en PHP hasta 5.6.7 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=777c39f4042327eac4b63c7ee87dc1c7a09a3115 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://openwall.com/lists/oss-security/2015/01/24/9 http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.redhat.com/errata/RHSA-2015-1066.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:079 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/to • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2010-0898
https://notcve.org/view.php?id=CVE-2010-0898
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad sin especificar en Oracle Secure Backup v10.3.0.1, permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVSS: 9.0EPSS: 97%CPEs: 2EXPL: 0CVE-2010-0899 – Oracle Secure Backup Administration $other Variable Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0899
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0907, and CVE-2010-0906. Vulnerabilidad no especificada en Oracle Secure Backup v10.3.0.1, permite a usuarios autenticados remotamente afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2010-0898, CVE-2010-0907, and CVE-2010-0906. This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 0CVE-2010-0907 – Oracle Secure Backup Web Interface Various Post-Auth Command Injection Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0907
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0899, CVE-2010-0904, and CVE-2010-0906. Vulnerabilidad no especificada en Oracle Secure Backup v10.3.0.1, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2010-0898, CVE-2010-0899, CVE-2010-0904, y CVE-2010-0906. This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameters to the internal obtool binary running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVSS: 10.0EPSS: 97%CPEs: 1EXPL: 0CVE-2010-0906 – Oracle Secure Backup Administration Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0906
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en Oracle Secure Backup 10.3.0.1 permite a atacantes remotos autenticados comprometer la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos. This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'preauth' variable to the script index.php used in the administration server running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •