CVSS: 7.5EPSS: 93%CPEs: 119EXPL: 4CVE-2012-2311 – Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-2311
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. sapi/cgi/cgi_main.c de PHP anteriores a 5.3.13 y 5.4.x anteriores a 5.4.3, si está configurado como un script CGI (php-cgi), no maneja apropiadamente cadenas de petición que contienen una secuencia %3D pero ningún = (signo igual). Lo que permite a atacantes remotos ejecutar código arbitrario colocando opciones de comandos en la cadena de petición. Relacionado con la falta de supresión de un determinado php_getopt para el caso 'd'. NOTA: esta vulnerabilidad se debe a una solución incompleta de CVE-2012-1823. • https://www.exploit-db.com/exploits/29290 https://www.exploit-db.com/exploits/29316 https://www.exploit-db.com/exploits/18836 https://www.exploit-db.com/exploits/18834 http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html http://lists.opensuse.org/opensu • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 91%CPEs: 52EXPL: 11CVE-2012-1823 – PHP-CGI Query String Parameter Vulnerability
https://notcve.org/view.php?id=CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. sapi/cgi/cgi_main.c en PHP antes de v5.3.12 y v5.4.x antes de v5.4.2, cuando se configura como un script CGI (también conocido como php-cgi), no maneja correctamente las cadenas de consulta que carecen de un carácter = (signo igual), lo que permite a atacantes remotos ejecutar código arbitrario mediante la colocación de línea de comandos en la cadena de consulta, relacionado con el fallo de saltarse cierto php_getopt para el caso de la 'd'. sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code. • https://www.exploit-db.com/exploits/29290 https://www.exploit-db.com/exploits/29316 https://www.exploit-db.com/exploits/18836 https://www.exploit-db.com/exploits/18834 https://github.com/0xl0k1/CVE-2012-1823 https://github.com/drone789/CVE-2012-1823 http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://li • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 2%CPEs: 49EXPL: 5CVE-2012-1172 – php: $_FILES array indexes corruption
https://notcve.org/view.php?id=CVE-2012-1172
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions. La aplicación de carga de archivos en rfc1867.c en PHP anterior a v5.4.0 no maneja correctamente caracteres válidos [(corchete abierto) en los valores de nombre, lo que hace que sea más fácil para atacantes remotos causar una denegación de servicio ( indices $ _FILES malformados) o llevar a cabo ataques transversales de directorio durante la carga de archivos aprovechándose de un script que carece de las restricciones de nombre del propio fichero. • http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/ • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 7%CPEs: 45EXPL: 3CVE-2012-0789 – PHP 5.3.8 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2012-0789
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache. Pérdida de memoria en la funcionalidad timezona en PHP antes de v5.3.9, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) lanzando múltiples llamadas a la función strtotime, que no son manejadas apropiadamente por la caché php_date_parse_tzfile. • https://www.exploit-db.com/exploits/36789 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://secunia.com/advisories/48668 http://www.php.net/ChangeLog-5.php#5.3.9 https://bugs.php.net/bug.php?id=53502 https://bugzilla.redhat.com/show_bug.cgi?id=783609 https://access.redhat.com/security/cve/CVE-2012-0789 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.0EPSS: 19%CPEs: 45EXPL: 1CVE-2012-0788 – PHP PDORow Object - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2012-0788
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. La implementación de PDORow en PHP anterior a v5.3.9 no interactúan adecuadamente con la función de la sesión, que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de una aplicación hecha a mano que utiliza un controlador para una DOP a buscar y luego llama a la función session_start , como lo demuestra una caída del servidor HTTP Apache. • https://www.exploit-db.com/exploits/36682 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://secunia.com/advisories/48668 http://www.php.net/ChangeLog-5.php#5.3.9 https://bugs.php.net/bug.php?id=55776 https://bugzilla.redhat.com/show_bug.cgi?id=783605 • CWE-20: Improper Input Validation •