
CVSS: 7.5 | EPSS: 95% | CPEs: 52 | EXPL: 10

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.

References:
https://www.exploit-db.com/exploits/29290
https://www.exploit-db.com/exploits/29316
https://www.exploit-db.com/exploits/18836
https://www.exploit-db.com/exploits/18834
https://github.com/0xl0k1/CVE-2012-1823
https://github.com/drone789/CVE-2012-1823
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://li

CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 93% | CPEs: 119 | EXPL: 4

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

References:
https://www.exploit-db.com/exploits/29290
https://www.exploit-db.com/exploits/29316
https://www.exploit-db.com/exploits/18836
https://www.exploit-db.com/exploits/18834
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
http://lists.opensuse.org/opensu

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.4 | EPSS: 2% | CPEs: 49 | EXPL: 5

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.

References:
http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/

CWE-20: Improper Input Validation

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.

References:
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html
http://rhn.redhat.com/errata/RHSA-2013-1307.html
h

CWE-20: Improper Input Validation

CVSS: 6.4 | EPSS: 88% | CPEs: 10 | EXPL: 1

Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.

References:
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
http://rhn.redhat.com/errata/RHSA-2012-0071.html
http://secunia.com/advisories/47253
http://secunia.com/advisories/48668
http://support.apple.com/kb/HT5281
http://www.debian.org/security/2012/dsa-2399
http://www.mandriva.com/security/advisories?name=MDVSA-2011:197
http://www.redhat.com/support/errata/RHSA-2012-0019.html
http:/&

CWE-189: Numeric Errors; CWE-190: Integer Overflow or Wraparound