CVE-2012-0057 – php: XSLT file writing vulnerability
https://notcve.org/view.php?id=CVE-2012-0057
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. PHP en versiones anteriores a la 5.3.9 tiene configuraciones de seguridad libxslt inapropiadas, lo que permite a atacantes remotos crear ficheros arbitrarios a través de hojas de estilo XSLT que utilizan una extensión libxslt. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html http://openwall.com/lists/oss-security/2012/01/13/10 http://openwall.com/lists/oss-security/2012/01/13/4 http://openwall.com/lists/oss-security/2012/01/13/5 http://openwall.com • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-4885 – PHP 5.3.8 - Hashtables Denial of Service
https://notcve.org/view.php?id=CVE-2011-4885
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. PHP anterior a v5.3.9 calcula los valores hash de los parámetros de forma, sin restringir la capacidad de desencadenar colisiones hash predecible, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío de gran cantidad de parámetros a mano. • https://www.exploit-db.com/exploits/18296 https://www.exploit-db.com/exploits/18305 https://www.exploit-db.com/exploits/2012 http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html ht • CWE-20: Improper Input Validation •
CVE-2011-4566 – php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure
https://notcve.org/view.php?id=CVE-2011-4566
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. Un desbordamiento de entero en la función exif_process_IFD_TAG en el fichero exif.c de la extensión exif de PHP v5.4.0 beta2 en las plataformas de 32 bits permite a atacantes remotos leer los contenidos de ubicaciones de memoria aleatorias o causar una denegación de servicio a través de un valor de offset_val concreto en una cabecera EXIF en un archivo JPEG. Se trata de una vulnerabilidad diferente a CVE-2.011-0708. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://rhn.redhat.com/errata/RHSA-2012-0071.html http://secunia.com/advisories/47253 http://secunia.com/advisories/48668 http://support.apple.com/kb/HT5281 http://www.debian.org/security/2012/dsa-2399 http://www.mandriva.com/security/advisories?name=MDVSA-2011:197 http://www.redhat.com/support/errata/RHSA-2012-0019.html http:/& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2011-3336 – Libc - 'regcomp()' Stack Exhaustion Denial of Service
https://notcve.org/view.php?id=CVE-2011-3336
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. regcomp en la implementación BSD de libc, es vulnerable a una denegación de servicio debido al agotamiento de la pila. Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp(). • https://www.exploit-db.com/exploits/36288 http://seclists.org/fulldisclosure/2014/Mar/166 http://www.securityfocus.com/bid/50541 https://cxsecurity.com/issue/WLB-2011110082 https://www.securityfocus.com/archive/1/520390 • CWE-400: Uncontrolled Resource Consumption •
CVE-2011-3379
https://notcve.org/view.php?id=CVE-2011-3379
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. La función de PHP v5.3.7 y v5.3.8 activa una llamada a la función __autoload, lo que hace más fácil para los atacantes remotos ejecutar código arbitrario mediante una URL y el aprovechamiento de los comportamientos potencialmente peligrosos en ciertos paquetes de PEAR y cargadores automáticos de medida. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://securityreason.com/securityalert/8525 http://svn.php.net/viewvc/?view=revision&revision=317183 http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8 http://www.securityfocus.com/archive/1/519770/30/0/threaded https://bugs.php.net/bug.php?id=55475 https://bugzilla.redhat.com/show_bug.cgi?id=741020 • CWE-94: Improper Control of Generation of Code ('Code Injection') •