Page 58 of 461 results (0.048 seconds)

CVSS: 5.0EPSS: 2%CPEs: 35EXPL: 2

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot). session.c en la extesión session en PHP anteriores a v5.2.13, y v5.3.1, no interpreta de forma adecuada los carácteres ";" en el argumento sobre la función session_save_path, lo que permites a atacantes dependiendo del contexto saltar las restricciones open_basedir y safe_mode a través de un argumento que contiene varios caracteres ";" junto a ".." punto punto. • https://www.exploit-db.com/exploits/33625 http://secunia.com/advisories/38708 http://securityreason.com/achievement_securityalert/82 http://securityreason.com/securityalert/7008 http://securitytracker.com/id?1023661 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?r1=293036&r2=294272 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?view=log http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/s • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.4EPSS: 0%CPEs: 13EXPL: 2

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function. El Linear Congruential Generator (LCG) en PHP anteriores a v5.2.13 no provee la entropía esperada, lo que hace más fácil para atacantes dependiendo del contexto adivinar valores que deberían ser impredecibles, como se demostró con cookies de sesión generadas utilizando la función uniqid. • https://www.exploit-db.com/exploits/33677 http://secunia.com/advisories/38708 http://secunia.com/advisories/42410 http://www.php.net/ChangeLog-5.php http://www.php.net/releases/5_2_13.php http://www.redhat.com/support/errata/RHSA-2010-0919.html http://www.securityfocus.com/bid/38430 http://www.vupen.com/english/advisories/2010/0479 http://www.vupen.com/english/advisories/2010/3081 https://access.redhat.com/security/cve/CVE-2010-1128 https://bugzilla.redhat& • CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function. La implementación de safe_mode en PHP anteriores a v5.2.13 no manejan de forma adecuada las rutas de los nombres de directorios que no tienen un carácter "/" (barra), lo que permite a usuarios dependiendo del contexto saltarse las restricciones de intentos de acceso a través de vectores relativos al uso de la función tempsam. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://secunia.com/advisories/38708 http://secunia.com/advisories/40551 http://securitytracker.com/id?1023661 http://support.apple.com/kb/HT4312 http://www.php.net/ChangeLog-5.php http://www.php.net/releases/5_2_13.php http://www.securityfocus.com/bid/38431 http://www.vupen.com/english/advisories/2010/0479 http://www& • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 38EXPL: 0

The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences. La función deserializada (unserialize) en PHP 5.3.0 y anteriores permite a atacantes dependientes del contexto causar una denegación de servicio (consumo de recursos) a través una variables anidadas profundamente, como queda demostrada con una cadena inicializada con a:1: seguida de una larga secuencia {a:1: . • http://www.suspekt.org/2009/11/28/shocking-news-in-php-exploitation http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 1%CPEs: 108EXPL: 0

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. PHP versiones anteriores a v5.2.12 no maneja adecuadamente los datos de sesión, teniendo un impacto no especificado y vectores de ataque relacionado con (1) la interrupción de corrupción de la selección SESSION superglobal y (2) la directiva session.save_path. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://secunia.com/advisories/37821 http://secunia.com/advisories/38648 http://secunia.com/advisories/40262 http://secunia.com/advisories/41480 http://secunia.com/advisories/41490 http://support.apple.com/kb/HT4077 http://www.debian.org/security/2010/dsa-2001 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 http://ww •