Page 50 of 249 results (0.012 seconds)

CVSS: 7.5EPSS: 95%CPEs: 81EXPL: 2

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. La función asn1_time_to_time_t en ext / openssl / openssl.c en PHP anterior a 5.3.28, 5.4.x aterior a 5.4.23 y 5.5.x anterior de 5.5.7 no trata correctamente las marcas de tiempo (timestamps) (1) notBefore y (2) notAfter en certificados X 0.509 , lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un certificado manipulado que no está tratado adecuadamente por la función openssl_x509_parse. The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer. This problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution. • https://www.exploit-db.com/exploits/30395 http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c1224573c773b6845e83505f717fbf820fc18415 http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html http://rhn.redhat.com/errata/RHSA-2013-1813.html http://rhn.redhat.com/errata/RHSA-2013-1815.html http://rhn.redhat.com/errata/RHSA • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 59%CPEs: 15EXPL: 0

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. La función de análisis en ext/date/lib/parse_iso_intervals.c de PHP hasta la versión 5.5.6 no restringe adecuadamente la creación de objetos DateInterval, lo que podría permitir a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) a través de una especificación de intervalo manipulada. A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=12fe4e90be7bfa2a763197079f68f5568a14e071 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://www.debian.org/security/2013/dsa-2816 http://www.ubuntu.com/usn/USN-2055-1 https://bugs.php.net/bug.php?id=66060 https://h20564&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 2

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. Un error de regresión en la función phpinfo de PHP 4.4.3 a 4.4.6, y PHP 6.0 en CVS, permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) mediante valores en los vectores GET, POST, o COOKIE, los cuales no son "escapados" en la salida de phpinfo, como fue originalmente apuntado en CVE-2005-3388. • https://www.exploit-db.com/exploits/3405 http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://us2.php.net/releases/4_4_7.php http://www.osvdb.org/32774 http://www.php-security.org/MOPB/MOPB-08-2007.html http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 •

CVSS: 9.3EPSS: 5%CPEs: 85EXPL: 0

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21031 http://secunia.com/advisories/21050 •