Page 31 of 294 results (0.007 seconds)

CVSS: 7.5EPSS: 8%CPEs: 41EXPL: 1

CVE-2015-4605 – php: denial of service when processing a crafted file with Fileinfo

https://notcve.org/view.php?id=CVE-2015-4605

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. La función mcopy en softmagic.c en file 5.x, tal como se utiliza en el componente Fileinfo en PHP en versiones anteriores a 5.4.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8, no restringe correctamente un cierto valor de desplazamiento, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de una cadena manipulada que no es manejada correctamente por una regla "secuencia de comandos de texto ejecutable de Python". • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f938112c495b0d26572435c0be73ac0bfe642ecd http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75233 http://www.securitytracker.com/id • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 41EXPL: 1

CVE-2015-3411 – php: missing null byte checks for paths in various PHP extensions

https://notcve.org/view.php?id=CVE-2015-3411

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. PHP en versiones anteriores a 5.4.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8 no asegura que los nombres de ruta carezcan de la secuencia %00, lo que podría permitir a atacantes remotos leer o escribir archivos arbitrarios a través de entrada manipulada para una aplicación que llama a (1) un método de carga DOMDocument, (2) la función xmlwriter_open_uri, (3) la función finfo_file o (4) la función hash_hmac_file, según lo demostrado mediante un ataque filename\0.xml que elude una configuración prevista en la que los usuarios cliente pueden leer solamente archivos .xml. It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=4435b9142ff9813845d5c97ab29a5d637bedb257 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75255 http://www.securitytracker.com/id/1032709 ht • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •

CVSS: 5.3EPSS: 1%CPEs: 41EXPL: 1

CVE-2015-3412 – php: missing null byte checks for paths in various PHP extensions

https://notcve.org/view.php?id=CVE-2015-3412

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. PHP en versiones anteriores a 5.5.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8 no asegura que los nombres de ruta carezcan de secuencia %00, lo que permite a atacantes remotos leer archivos arbitrarios a través de una entrada manipulada que llama a la función stream_resolve_include_path en ext/standard/streamsfuncs.c, como se demuestra con un ataque filename\0.extension que eluce una configuración deseada en la que los usuarios cliente pueden leer archivos con sólo una extensión específica. It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=4435b9142ff9813845d5c97ab29a5d637bedb257 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75250 http://www.securitytracker.com/id/1032709 ht • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features CWE-626: Null Byte Interaction Error (Poison Null Byte) •

CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 0

CVE-2015-4598 – php: missing null byte checks for paths in DOM and GD extensions

https://notcve.org/view.php?id=CVE-2015-4598

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files. PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anteriores a 5.6.10 no asegura que los nombres de ruta carezcan de la secuencia %00, lo que podría permitir a atacantes remotos leer o escribir archivos arbitrarios a través de entrada manipulada para una aplicación que llama a (1) un método para guardar DOMDocument o (2) la función imagepsloadfont GD, según lo demostrado mediante un ataque filename\0.html que elude una configuración prevista en la que los usuarios cliente pueden escribir solamente en archivos .html. It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. • http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://rhn.redhat.com/errata/RHSA-2015-1219.html http://www.debian.org/security/2015/dsa-3344 http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •

CVSS: 10.0EPSS: 4%CPEs: 39EXPL: 1

CVE-2015-4599 – php: type confusion issue in unserialize() with various SOAP methods

https://notcve.org/view.php?id=CVE-2015-4599

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. El método SoapFault::__toString en ext/soap/soap.c en PHP en versiones anteriores a 5.4.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8 permite a atacantes remotos obtener información sensible, provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un tipo de dato no esperado, relacionado con un caso "type confusion". Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=51856a76f87ecb24fe1385342be43610fb6c86e4 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75251 http://www.securitytracker.com/id/1032709 https://bugs.php.net/bug.php?id=69152 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •