Page 23 of 136 results (0.013 seconds)

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors. Vulnerabilidad de CSRF en el módulo Webform Multiple File Upload 6.x-1.x anterior a 6.x-1.3 y 7.x-1.x anterior a 7.x-1.3 para Drupal permite a atacantes remotos secuestrar la autenticación de ciertos usuarios para solicitudes que eliminan ficheros a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/74343 https://www.drupal.org/node/2459031 https://www.drupal.org/node/2459035 https://www.drupal.org/node/2459323 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 4%CPEs: 49EXPL: 0

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. readelf.c en file anterior a 5.22, utilizado en el componente Fileinfo en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5, no considera que las llamadas a pread a veces leen solamente un subjuego de los datos disponibles, lo que permite a atacantes remotos causar una denegación de servicio (acceso a memoria no inicializada) o posiblemente tener otro impacto a través de un fichero ELF manipulado. A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or disclose certain portions of server memory. • http://bugs.gw.com/view.php?id=409 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://mx.gw.com/pipermail/file/2014/001649.html http://openwall.com/lists/oss-security/2015/02/05/13 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2016-0760.html http://www.debian.org/security/2015/dsa-3196 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www&# • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 8%CPEs: 48EXPL: 0

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. La función mconvert en softmagic.c en file anterior a 5.21, utilizado en el componente Fileinfo en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5, no maneja correctamente cierto campo de longitud de cadenas durante una copia de una versión trucada de una cadena Pascal, lo que podría permitir a atacantes remotos causar una denegación de servicio (acceso a memoria fuera de rango y caída de aplicación) a través de un fichero manipulado. An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file. • http://bugs.gw.com/view.php?id=398 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://openwall.com/lists/oss-security/2015/02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 5%CPEs: 14EXPL: 0

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. El analizador ELF en file 5.08 hasta 5.21 permite a atacantes remotos causar una denegación de servicio a través de un número grande de notas. A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. • http://advisories.mageia.org/MGASA-2015-0040.html http://mx.gw.com/pipermail/file/2014/001653.html http://mx.gw.com/pipermail/file/2015/001660.html http://rhn.redhat.com/errata/RHSA-2016-0760.html http://www.debian.org/security/2015/dsa-3121 http://www.openwall.com/lists/oss-security/2015/01/17/9 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/71715 https://github.com/file/file/commit/ce90e05774dd77d86cf • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.0EPSS: 3%CPEs: 6EXPL: 0

The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. El analizador ELF en file 5.16 hasta 5.21 permite a atacantes remotos causar una denegación de servicio a través de una cadena larga. • http://advisories.mageia.org/MGASA-2015-0040.html http://mx.gw.com/pipermail/file/2014/001654.html http://mx.gw.com/pipermail/file/2015/001660.html http://www.openwall.com/lists/oss-security/2015/01/17/9 https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c https://security.gentoo.org/glsa/201503-08 https://usn.ubuntu.com/3686-1 • CWE-399: Resource Management Errors •