Page 37 of 217 results (0.006 seconds)

CVSS: 7.5EPSS: 13%CPEs: 54EXPL: 2

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue. El método SoapClient::__call en ext/soap/soap.c en PHP anterior a 5.4.39, 5.5.x anterior a 5.5.23, y 5.6.x anterior a 5.6.7 no verifica que __default_headers es un array, lo que permite a atacantes remotos ejecutar código arbitrario mediante la provisión de datos serializados manipulados con un tipo de datos no esperado, relacionado con un problema de 'confusión de tipo'. A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://openwall.com/lists/oss-security/2015/06/01/4 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.redhat.com/errata/RHSA-2015-1066.html http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.oracle.com/technetwork/topics&# • CWE-19: Data Processing Errors CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 5.0EPSS: 3%CPEs: 54EXPL: 3

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue. La función do_soap_call en ext/soap/soap.c en PHP anterior a 5.4.39, 5.5.x anterior a 5.5.23, y 5.6.x anterior a 5.6.7 no verifica que la propiedad uri es una cadena, lo que permite a atacantes remotos obtener información sensible mediante la provisión de datos serializados manipulados con un tipo de datos int, relacionados con un problema de 'confusión de tipo'. A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • https://www.exploit-db.com/exploits/38304 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00028.html http://openwall.com/lists/oss-security/2015/06/01/4 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.redhat.com/errata/RHSA-2015-1066.html http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http&# • CWE-20: Improper Input Validation CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 5.9EPSS: 0%CPEs: 27EXPL: 1

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. Oracle MySQL en versiones anteriores a 5.7.3, Oracle MySQL Connector/C (también conocido como libmysqlclient) en versiones anteriores a 6.1.3 y MariaDB en versiones anteriores a 5.5.44 utiliza la opción --ssl significa que SSL es opcional, lo que permite a atacantes man-in-the-middle suplantar servidores a través de un ataque de degradación de texto plano, también conocida como un ataque "BACKRONYM". It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn& • CWE-295: Improper Certificate Validation •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. SQLite anterior a 3.8.9 no implementa correctamente la descomillación de nombres de secuencias de colaciones, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (acceso a memoria no inicializada y caída de aplicación) o posiblemente tener otro impacto no especificado a través de una clausula COLLATE manipulada, tal y como fue demostrado por COLLATE'''''''' al final de una declaración SELECT. A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://rhn.redhat.com/errata/RHSA-2015-1635.html http://seclists.org/fulldisclosure/2015/Apr/31 http://www.debian.org/security/2015/dsa-3252 http://www.mandriva.com/security/advisories?name=MDVSA-2015:217 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-295 • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. La función sqlite3VXPrintf en printf.c en SQLite anterior a 3.8.9 no maneja correctamente los valores de precisión y anchura durante las conversaciones de puntos flotantes (floating-point), lo que permite a atacantes dependientes de contexto causar una denegación de servicio (desbordamiento de enteros y desbordamiento de buffer basado en pila) o posiblemente tener otro impacto no especificado a través de enteros grandes en una llamada a la función printf manipulada en una declaración SELECT. It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://rhn.redhat.com/errata/RHSA-2015-1634.html http://rhn.redhat.com/errata/RHSA-2015-1635.html http://seclists.org/fulldisclosure/2015/Apr/31 http://www.debian.org/security/2015/dsa-3252 http://www.mandriva.com/security/advisories?name=MDVSA-2015:217 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http:/&#x • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •