CVE-2008-5498 – PHP 5.2.8 gd library - 'imageRotate()' Information Leak
https://notcve.org/view.php?id=CVE-2008-5498
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image. Error de índice de array en la función imageRotate en PHP 5.2.8 y anteriores permite a atacantes dependientes del contexto leer los contenidos de posiciones de memoria de su elección mediante un valor manipulado del tercer argumento (también conocido como el argumento bgd_color o clrBack) para una imagen indexada. • https://www.exploit-db.com/exploits/7646 http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=u http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-5557 – php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)
https://notcve.org/view.php?id=CVE-2008-5557
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions. Desbordamiento de búfer basado en montículo en ext/mbstring/libmbfl/filters/mbfilter_htmlent.c en la extensión mbstring en PHP v4.3.0 hasta v5.2.6 permite a atacantes, dependiendo del contexto, ejecutar código arbitrario a través de una cadena manipulada conteniendo una entidad HTML, la cual no es manejada de forma adecuada durante la conversión a Unicode, relativo a (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, y (4) funciones mb_parse_str. • http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html http://bugs.php.net/bug.php?id=45722 http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c?r1=1.7&r2=1.8 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2008-5658 – php: ZipArchive:: extractTo() Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2008-5658
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences. Vulnerabilidad de salto de directorio en la función ZipArchive::extractTo de PHP 5.2.6 y anteriores, permite a atacantes dependientes del contexto escribir ficheros de su elección a través de un archivo ZIP con un fichero que contenga la secuencia .. (punto punto). • http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://osvdb.org/50480 http://secunia.com/advisories/35003 http://secunia.com/advisories/35306 http://secunia.com/advisories/35650 http://wiki.rpath.com/Advisories:rPSA-2009-0035 http://www.debian.org/security/2009/dsa-1789 http: • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2008-5625 – PHP 5.2.6 - 'error_log' Safe_mode Bypass
https://notcve.org/view.php?id=CVE-2008-5625
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file. PHP 5 versiones anteriores a 5.2.7 no cumple las restricciones error_log safe_mode cuando safe_mode está activado a través de un parámetro php_admin_flag en httpd.conf, el cual permite a los atacantes dependiente de contexto escribir arbitrariamente archivos colocando una entrada "php_value error_log" en un archivo .htaccess. • https://www.exploit-db.com/exploits/7171 http://archives.neohapsis.com/archives/bugtraq/2008-11/0152.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://osvdb.org/52205 http://secunia.com/advisories/35650 http://securityreason.com/achievement_securityalert/57 http://wiki.rpath.com/Advisories:rPSA-2009-0035 http://www.mandriva.com/security/advisories?name=MDVSA-2009:045 http://www.php.net/ChangeLog-5.php#5.2& • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5624
https://notcve.org/view.php?id=CVE-2008-5624
PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable. PHP 5 en versiones anteriores a 5.2.7, no inicializa propiamente las variable page_uid y page_gid global para ser usadas por la función SAPI php_getuid, el cual permite a los atacante dependientes de contexto evitar la restricciones safe_mode a través de parámetros variables que pretende ser restringida para el directorio raíz, como demuestra por un parámetro de /etc para la variable error_log. • http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://osvdb.org/50483 http://osvdb.org/52207 http://secunia.com/advisories/35003 http://secunia.com/advisories/35650 http://securityreason.com/achievement_securityalert/59 http://wiki.rpath.com/Advisories:rPSA-2009-0035 http://www.debian.org/security/2009/dsa-1789 http://www.mandriva.com/security/advisories?name=MDVSA-2009:045 http://www.php.net/ChangeLog-5.php# • CWE-264: Permissions, Privileges, and Access Controls •