Page 26 of 334 results (0.009 seconds)

CVSS: 6.8EPSS: 6%CPEs: 15EXPL: 0

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. La función phar_get_entry_data en ext/phar/util.c en PHP en versiones anteriores a 5.5.30 y 5.6.x en versiones anteriores a 5.6.14 permite a atacantes remotos causar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un archivo .phar con una entrada de archivo TAR manipulada en la cual el indicador Link referencia a un archivo que no existe. A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d698f0ae51f67c9cce870b09c59df3d6ba959244 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html http://www.debian.org/security/2015/dsa-3380 http://www.openwall.com/lists/oss-security/2015/10/05/8 http://www.php.net& • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. Múltiples vulnerabilidades de uso después de liberación de memoria en SPL en PHP en versiones anteriores a 5.4.44, 5.5.x en versiones anteriores a 5.5.28 y 5.6.x en versiones anteriores a 5.6.12 permiten a atacantes remotos ejecutar código arbitrario involucrando vectores (1) ArrayObject, (2) SplObjectStorage y (3) SplDoublyLinkedList, los cuales no son manejados adecuadamente durante la deserialización. A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://www.debian.org/security/2015/dsa-3344 http://www.openwall.com/lists/oss-security/2015/08/19/3 http://www.php.net/ChangeLog-5.php http://www.securityfocus.com/bid/76737 https://bugs.php.net/bug.php?id=70155 https://bugs.php.net/bug.php?id=70166 https://bugs.php.net/bug.php?id=70168 https://bugs.php.net/bug.php?id=70169 https://security.gentoo.org/glsa/201606-10 https://access.redhat.com/security/cve/CVE-2015-6831 https://bugzilla.r • CWE-416: Use After Free •

CVSS: 7.5EPSS: 1%CPEs: 58EXPL: 0

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field. Vulnerabilidad de uso después de liberación de memoria en la implementación de SPL unserialize en ext/spl/spl_array.c en PHP en versiones anteriores a 5.4.44, 5.5.x en versiones anteriores a 5.5.28 y 5.6.x en versiones anteriores a 5.6.12 permite a atacantes remotos ejecutar código arbitrario a través de datos serializados manipulados que desencadenan un uso incorrecto de un campo array. A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://www.debian.org/security/2015/dsa-3344 http://www.php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=70068 https://security.gentoo.org/glsa/201606-10 https://access.redhat.com/security/cve/CVE-2015-6832 https://bugzilla.redhat.com/show_bug.cgi?id=1256322 •

CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call. Vulnerabilidad de salto de directorio en la clase PharData en PHP en versiones anteriores a 5.4.44, 5.5.x en versiones anteriores a 5.5.28 y 5.6.x en versiones anteriores a 5.6.12 permite a atacantes remotos escribir a archivos arbitrarios a través de .. (punto punto) en una entrada de archivo ZIP que es manejada incorrectamente durante una llamada extractTo. A flaw was found in the way the way PHP's Phar extension parsed Phar archives. • http://www.debian.org/security/2015/dsa-3344 http://www.openwall.com/lists/oss-security/2015/08/19/3 http://www.php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=70019 https://security.gentoo.org/glsa/201606-10 https://access.redhat.com/security/cve/CVE-2015-6833 https://bugzilla.redhat.com/show_bug.cgi?id=1283702 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 2%CPEs: 66EXPL: 0

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. La función xsl_function_php en ext/xsl/xsl/xsltprocessor.c en PHP en versiones anteriores a 5.4.45, 5.5.x en versiones anteriores a 5.5.29 y 5.6.x en versiones anteriores a 5.6.13, cuando se utiliza libxml2 en versiones anteriores a 2.9.2, no considera la posibilidad de un retorno NULL valuePop antes de proceder a una operación libre durante la comprobación inicial de errores, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULO y caída de aplicación) a través de un documento XML manipulado, una vulnerabilidad diferente a CVE-2015-6838. A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. • http://php.net/ChangeLog-5.php http://www.debian.org/security/2015/dsa-3358 http://www.securityfocus.com/bid/76738 http://www.securitytracker.com/id/1033548 https://bugs.php.net/bug.php?id=69782 https://security.gentoo.org/glsa/201606-10 https://access.redhat.com/security/cve/CVE-2015-6837 https://bugzilla.redhat.com/show_bug.cgi?id=1260711 • CWE-476: NULL Pointer Dereference •