Page 36 of 405 results (0.023 seconds)

CVSS: 7.5EPSS: 95%CPEs: 49EXPL: 2

Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. Múltiples vulnerabilidades de uso después de liberación en ext/date/php_date.c en PHP anterior a 5.4.38, 5.5.x anterior a 5.5.22, y 5.6.x anterior a 5.6.6 permiten a atacantes remotos ejecutar código arbitrario a través de entradas serializadas manipuladas que contienen un especificador de tipo (1) R o (2) r en (a) datos de DateTimeZone manejados por la función php_date_timezone_initialize_from_hash o (b) datos de DateTime manejados por la función php_date_initialize_from_hash. A use-after-free flaw was found in the unserialize() function of PHP's DateTimeZone implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory. PHP versions below 5.6.6, below 5.5.22, and below 5.4.38 suffer from a use-after-free vulnerability in DateTime. • https://www.exploit-db.com/exploits/36158 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=71335e6ebabc1b12c057d8017fd811892ecdfd24 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html http& • CWE-416: Use After Free •

CVSS: 7.5EPSS: 14%CPEs: 7EXPL: 1

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en la función _zend_shared_memdup en zend_shared_alloc.c en la extensión OPcache en PHP hasta 5.6.7 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=777c39f4042327eac4b63c7ee87dc1c7a09a3115 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://openwall.com/lists/oss-security/2015/01/24/9 http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.redhat.com/errata/RHSA-2015-1066.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:079 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/to • CWE-416: Use After Free •

CVSS: 5.0EPSS: 8%CPEs: 48EXPL: 0

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. La función mconvert en softmagic.c en file anterior a 5.21, utilizado en el componente Fileinfo en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5, no maneja correctamente cierto campo de longitud de cadenas durante una copia de una versión trucada de una cadena Pascal, lo que podría permitir a atacantes remotos causar una denegación de servicio (acceso a memoria fuera de rango y caída de aplicación) a través de un fichero manipulado. An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file. • http://bugs.gw.com/view.php?id=398 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://openwall.com/lists/oss-security/2015/02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 15%CPEs: 4EXPL: 1

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. La función build_tablename en pgsql.c en la extensión PostgreSQL (también conocido como pgsql) en PHP hasta 5.6.7 no valida la extracción de tokens para nombres de tablas, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de aplicación) a través de un nombre manipulado. A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pg_insert() or pg_select() could cause a PHP application to crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=124fb22a13fafa3648e4e15b4f207c7096d8155e http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://openwall.com/lists/oss-security/2015/01/24/9 http://rhn.redhat.com/errata/RHSA-2015-1053.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:079 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.oracle.com/technetwork • CWE-476: NULL Pointer Dereference •

CVSS: 6.8EPSS: 88%CPEs: 84EXPL: 1

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. La función exif_process_unicode en ext/exif/exif.c en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (liberación de puntero no inicializado y caída de la aplicación) a través de datos EXIF manipulados en una imagen JPEG. An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. • http://advisories.mageia.org/MGASA-2015-0040.html http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=21bc7464f454fec18a9ec024c738f195602fee2a http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2fc178cf448d8e1b95d1314e47eeef610729e0df http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=55001de6d8c6ed2aada870a76de1e4b4558737bf http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html http://lists.opensuse.org/opensuse-updates/2015& • CWE-822: Untrusted Pointer Dereference •