CVSS: 10.0EPSS: 16%CPEs: 122EXPL: 1CVE-2012-2688 – php: Integer Signedness issues in _php_stream_scandir
https://notcve.org/view.php?id=CVE-2012-2688
20 Jul 2012 — Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow." Vulnerabilidad no especificada,relacionado con un "desbordamiento", en la función _php_stream_scandir en la implementación de los flujos (streams) en PHP antes de v5.3.15 y v5.4.x antes de v5.4.5 tiene un impacto desconocido y vectores de ataque a remotos. PHP is an HTML-embedded scripting language commo... • https://github.com/shelld3v/CVE-2012-2688 •
CVSS: 9.8EPSS: 15%CPEs: 2EXPL: 2CVE-2012-2386 – PHP 'phar' Extension 1.1.1 - Heap Overflow
https://notcve.org/view.php?id=CVE-2012-2386
07 Jul 2012 — Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow. Desbordamiento de entero en la función phar_parse_tarfile en tar.c en la extensión en PHP v5.4.x anterior a v5.3.14 y v5.4.4 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o... • https://www.exploit-db.com/exploits/17201 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 66EXPL: 0CVE-2012-2143 – crypt(): DES encrypted password weakness
https://notcve.org/view.php?id=CVE-2012-2143
05 Jul 2012 — The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. La función crypt_des (también conocido como crypt basado en DES), en FreeBSD v9.0-RELEASE-p2, tal y ... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34 • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 2%CPEs: 49EXPL: 5CVE-2012-1172 – php: $_FILES array indexes corruption
https://notcve.org/view.php?id=CVE-2012-1172
24 May 2012 — The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions. La aplicación de carga de archivos en rfc1867.c en PHP anterior a v5.4.0 no maneja correctamente caracteres válidos [(corchete abierto... • http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 14%CPEs: 117EXPL: 2CVE-2012-2376 – PHP 5.4.3 (Windows x86 Polish) - Code Execution
https://notcve.org/view.php?id=CVE-2012-2376
21 May 2012 — Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012. Desbordamiento de búfer en la función com_print_typeinfo en PHP v5.4.3 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o ejecutar código de su elección mediante argumentos que provocan una gestión in... • https://www.exploit-db.com/exploits/18861 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 17%CPEs: 2EXPL: 0CVE-2012-2335 – HP Security Bulletin HPSBMU02900
https://notcve.org/view.php?id=CVE-2012-2335
11 May 2012 — php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. php-wrapper.fcgi no maneja apropiadamente argumentos de línea de comandos, lo que permite a atacantes remotos evitar mecanismos de protección de PHP 5.3.12 y 5.4.2 y ejecutar código arbitrario utilizand... • http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 4%CPEs: 119EXPL: 4CVE-2012-2336 – Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-2336
11 May 2012 — sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. sapi/cgi/cgi_main.c de PHP anteriores a... • https://www.exploit-db.com/exploits/29290 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 93%CPEs: 119EXPL: 4CVE-2012-2311 – Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-2311
11 May 2012 — sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. sapi/cgi/cgi_main.c de PHP anteriores a 5.3... • https://www.exploit-db.com/exploits/29290 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 61%CPEs: 3EXPL: 1CVE-2012-2329 – PHP 5.4.3 - apache_request_headers Function Buffer Overflow
https://notcve.org/view.php?id=CVE-2012-2329
11 May 2012 — Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request. Desbordamiento de buffer en la función apache_request_headers de sapi/cgi/cgi_main.c de PHP 5.4.x anteriores a la 5.4.3 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una cadena extensa en la cabecera de una petición HTTP. Potent... • https://www.exploit-db.com/exploits/19231 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 95%CPEs: 52EXPL: 19CVE-2012-1823 – PHP-CGI Query String Parameter Vulnerability
https://notcve.org/view.php?id=CVE-2012-1823
11 May 2012 — sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. sapi/cgi/cgi_main.c en PHP antes de v5.3.12 y v5.4.x antes de v5.4.2, cuando se configura como un script CGI (también conocido como php-cgi), no ... • https://packetstorm.news/files/id/123828 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •