Page 48 of 240 results (0.011 seconds)

CVSS: 5.0EPSS: 0%CPEs: 31EXPL: 1

CVE-2013-3735

https://notcve.org/view.php?id=CVE-2013-3735

The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id. ** EN DISPUTA ** El Zend Engine en PHP anterior a v5.4.16 RC1, y v5.5.0 anterior a RC2, no determina de forma precisa si ocurre un error del analizador sintáctica, lo que permite a atacantes dependiendo del contexto provocar una denegación de servicio (consumo de memoria y caída de la aplicación) a través de una definición de una función manipulada, como se demostró por un ataque en un entorno de alojamiento Web. NOTA: la página http://php.net/security-note.php del distribuidor dice "para situaciones críticas de seguridad debería usar seguridad a nivel de sistema operativo" ejecutando múltipls servidores, cada uno con su propia ID." • https://bugs.php.net/bug.php?id=64660 https://github.com/php/php-src/blob/php-5.4.16RC1/NEWS https://github.com/php/php-src/blob/php-5.5.0RC2/NEWS https://github.com/php/php-src/commit/fb58e69a84f4fde603a630d2c9df2fa3be16d846 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 137EXPL: 0

CVE-2013-1643 – php: Ability to read arbitrary files due use of external entities while parsing SOAP WSDL files

https://notcve.org/view.php?id=CVE-2013-1643

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824. El parser SOAP en PHP v5.3.22 y v5.4.x anterior a v5.4.13 permite a atacantes remotos leer archivos de su elección a través de un archivo SOAP WSDL conteniendo una entidad externa XML en relación con una referencia de entidad, relacionada con la External Entity (XXE) XML en las funciones soap_xmlParseFile y soap_xmlParseMemory. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=8e76d0404b7f664ee6719fd98f0483f0ac4669d6 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html http://rhn.redhat.com/errata/RHSA-2013-1307.html http://rhn.redhat.com/errata/RHSA-2013-1615.html http://secunia.com/advisor • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 1%CPEs: 137EXPL: 0

CVE-2013-1635

https://notcve.org/view.php?id=CVE-2013-1635

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. ext/soap/soap.c en PHP anterior a v5.3.22 y v5.4.x anterior a v5.4.13 no valida la relacion entre la directiva soap.wsdl_cache_dir y la directiva open_basedir, lo que permite a atacantes remotos eludir las restricciones de acceso mediante la creación de ficheros SOAP WSDL cacheados en un directorio arbitrario. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221 http://git.php.net/?p=php-src.git%3Ba=blob%3Bf=NEWS%3Bh=36f6f9a4396d3034cc903a4271e7fdeccc5d3ea6%3Bhb=refs/heads/PHP-5.4 http://git.php.net/?p=php-src.git%3Ba=blob%3Bf=NEWS%3Bh=82afa3a040e639f3595121e45b850d5453906a00%3Bhb=refs/heads/PHP-5.3 http://git.php.net/?p=php-src.git%3Ba=commitdiff%3Bh=702b436ef470cc02f8e2cc21f2fadeee42103c74 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.opensuse.org/opensuse-s • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 2

CVE-2007-1287 – PHP 4.4.3 < 4.4.6 - 'PHPinfo()' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2007-1287

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. Un error de regresión en la función phpinfo de PHP 4.4.3 a 4.4.6, y PHP 6.0 en CVS, permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) mediante valores en los vectores GET, POST, o COOKIE, los cuales no son "escapados" en la salida de phpinfo, como fue originalmente apuntado en CVE-2005-3388. • https://www.exploit-db.com/exploits/3405 http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://us2.php.net/releases/4_4_7.php http://www.osvdb.org/32774 http://www.php-security.org/MOPB/MOPB-08-2007.html http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 •

CVSS: 9.3EPSS: 5%CPEs: 85EXPL: 0

CVE-2006-3017

https://notcve.org/view.php?id=CVE-2006-3017

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21031 http://secunia.com/advisories/21050 •