CVSS: 10.0EPSS: 20%CPEs: 117EXPL: 2CVE-2012-2376 – PHP 5.4.3 (Windows x86 Polish) - Code Execution
https://notcve.org/view.php?id=CVE-2012-2376
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012. Desbordamiento de búfer en la función com_print_typeinfo en PHP v5.4.3 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o ejecutar código de su elección mediante argumentos que provocan una gestión incorrecta de objetos COM de tipo VARIAN, como el explotado en mayo de 2012. • https://www.exploit-db.com/exploits/18861 http://isc.sans.edu/diary.html?storyid=13255 http://openwall.com/lists/oss-security/2012/05/20/2 http://www.exploit-db.com/exploits/18861 http://www.securitytracker.com/id?1027089 https://bugzilla.redhat.com/show_bug.cgi?id=823464 https://exchange.xforce.ibmcloud.com/vulnerabilities/75778 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 119EXPL: 4CVE-2012-2336 – Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-2336
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. sapi/cgi/cgi_main.c de PHP anteriores a 5.3.13 y 5.4.x anteriores 5.4.3, si está configurado como script CGI (php-cgi), no maneja apropiadamente las cadenas de texto que no tienen un caracter = (signo de igualdad), lo que permite a atacantes remotos provocar una denegación de servicio (consumo de recursos) colocando opciones de línea de comandos en esta cadena. Relacionada con la falta de supresión de una php_getopt determinado para el caso 'T'. NOTA: esta vulnerabilidad existe por una solución incompleta de CVE-2012-1823. • https://www.exploit-db.com/exploits/29290 https://www.exploit-db.com/exploits/29316 https://www.exploit-db.com/exploits/18836 https://www.exploit-db.com/exploits/18834 http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html http://secunia.com/advisories/49014 http://www.php.net/ChangeLog-5.php#5.4.3 http://www.php.net/archive/2012.php#id2012-05-08-1 https://bugs.php.ne • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 93%CPEs: 119EXPL: 4CVE-2012-2311 – Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-2311
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. sapi/cgi/cgi_main.c de PHP anteriores a 5.3.13 y 5.4.x anteriores a 5.4.3, si está configurado como un script CGI (php-cgi), no maneja apropiadamente cadenas de petición que contienen una secuencia %3D pero ningún = (signo igual). Lo que permite a atacantes remotos ejecutar código arbitrario colocando opciones de comandos en la cadena de petición. Relacionado con la falta de supresión de un determinado php_getopt para el caso 'd'. NOTA: esta vulnerabilidad se debe a una solución incompleta de CVE-2012-1823. • https://www.exploit-db.com/exploits/29290 https://www.exploit-db.com/exploits/29316 https://www.exploit-db.com/exploits/18836 https://www.exploit-db.com/exploits/18834 http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html http://lists.opensuse.org/opensu • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 91%CPEs: 52EXPL: 11CVE-2012-1823 – PHP-CGI Query String Parameter Vulnerability
https://notcve.org/view.php?id=CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. sapi/cgi/cgi_main.c en PHP antes de v5.3.12 y v5.4.x antes de v5.4.2, cuando se configura como un script CGI (también conocido como php-cgi), no maneja correctamente las cadenas de consulta que carecen de un carácter = (signo igual), lo que permite a atacantes remotos ejecutar código arbitrario mediante la colocación de línea de comandos en la cadena de consulta, relacionado con el fallo de saltarse cierto php_getopt para el caso de la 'd'. sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code. • https://www.exploit-db.com/exploits/29290 https://www.exploit-db.com/exploits/29316 https://www.exploit-db.com/exploits/18836 https://www.exploit-db.com/exploits/18834 https://github.com/0xl0k1/CVE-2012-1823 https://github.com/drone789/CVE-2012-1823 http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://li • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 2%CPEs: 49EXPL: 5CVE-2012-1172 – php: $_FILES array indexes corruption
https://notcve.org/view.php?id=CVE-2012-1172
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions. La aplicación de carga de archivos en rfc1867.c en PHP anterior a v5.4.0 no maneja correctamente caracteres válidos [(corchete abierto) en los valores de nombre, lo que hace que sea más fácil para atacantes remotos causar una denegación de servicio ( indices $ _FILES malformados) o llevar a cabo ataques transversales de directorio durante la carga de archivos aprovechándose de un script que carece de las restricciones de nombre del propio fichero. • http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/ • CWE-20: Improper Input Validation •