Page 49 of 568 results (0.010 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2012-0831 – php: PG(magic_quote_gpc) was not restored on shutdown

https://notcve.org/view.php?id=CVE-2012-0831

PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. PHP anterior a v5.3.10 no realizan de forma adecuada un cambio temporal a la directiva magic_quotes_gpc durante la importación de variables de entorno, lo que simplifica a atacantes remotos conducir ataques de inyección SQL a través de peticiones manipuladaas, relacionado con main/php_variables.c, sapi/cgi/cgi_main.c, y sapi/fpm/fpm/fpm_main.c. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html http://rhn.redhat.com/errata/RHSA-2013-1307.html h • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 88%CPEs: 1EXPL: 4

CVE-2012-0830 – PHP 5.4.0RC6 (x64) - Denial of Service

https://notcve.org/view.php?id=CVE-2012-0830

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885. La función php_register_variable_ex en php_variables.c en PHP v5.3.9 permite a atacantes remotos ejecutar código de su elección a través de una solicitud que contenga un gran número de variable. Se trata de un problema relacionado con el manejo inadecuado de las variables de tipo matriz (array). NOTA: Esta vulnerabilidad existe debido a una corrección incorrecta para el CVE-2011-4885. • https://www.exploit-db.com/exploits/18460 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://marc.info/?l=bugtraq&m=134012830914727&w=2 http://openwall.com/lists/oss-security/2012/02/02/12 http://openwall.com/lists/oss-security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •

CVSS: 6.4EPSS: 0%CPEs: 47EXPL: 0

CVE-2012-0057 – php: XSLT file writing vulnerability

https://notcve.org/view.php?id=CVE-2012-0057

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. PHP en versiones anteriores a la 5.3.9 tiene configuraciones de seguridad libxslt inapropiadas, lo que permite a atacantes remotos crear ficheros arbitrarios a través de hojas de estilo XSLT que utilizan una extensión libxslt. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html http://openwall.com/lists/oss-security/2012/01/13/10 http://openwall.com/lists/oss-security/2012/01/13/4 http://openwall.com/lists/oss-security/2012/01/13/5 http://openwall.com • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 4

CVE-2012-0781 – PHP 5.3.8 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2012-0781

The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153. La función tidy_diagnose de PHP v5.3.8 podría permitir a atacantes remotos provocar una denegación de servicio (puntero a NULL y caída de la aplicación) a través del ingreso de determinados datos a una aplicación que intenta realizar operaciones tidy::diagnose sobre objetos no válidos. Se trata de una vulnerabilidad diferente a la CVE -2011-4153. • https://www.exploit-db.com/exploits/18370 http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html http://cxsecurity.com/research/103 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://secunia.com/advisories/48668 http://www.exploit-db.com/exploits/18370 https://access.redhat.com/security/cve/CVE-2012-0781 https://bugzilla.redhat.com/show_bug.cgi?id=782951 • CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 4

CVE-2011-4153 – PHP 5.3.8 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-4153

PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c. PHP v5.3.8 no siempre comprueba el valor devuelto de la función zend_strndup, lo que podría permitir a atacantes remotos provocar una denegación de servicio (borrado de referencia a puntero nulo y caída de la aplicación) a través de una entrada especificamente diseñada para este fin a una aplicación que realiza operaciones de 'strndup' (duplicación) de cadenas de datos no confiables. Esto se puede demostrar con la función 'define' en zend_builtin_functions.c, y funciones no especificadas en ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c y main/php_open_temporary_file.c. PHP version 5.3.8 suffers from multiple NULL pointer dereference vulnerabilities. • https://www.exploit-db.com/exploits/18370 http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html http://cxsecurity.com/research/103 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html http://marc.info/?l=bugtraq&m=134012830914727&w=2&# • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •