CVE-2012-0831 – php: PG(magic_quote_gpc) was not restored on shutdown
https://notcve.org/view.php?id=CVE-2012-0831
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
• http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html http://rhn.redhat.com/errata/RHSA-2013-1307.html h
• CWE-20: Improper Input Validation
CVE-2012-0788 – PHP PDORow Object - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2012-0788
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
• https://www.exploit-db.com/exploits/36682 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://secunia.com/advisories/48668 http://www.php.net/ChangeLog-5.php#5.3.9 https://bugs.php.net/bug.php?id=55776 https://bugzilla.redhat.com/show_bug.cgi?id=783605
• CWE-20: Improper Input Validation
CVE-2012-0830 – PHP 5.4.0RC6 (x64) - Denial of Service
https://notcve.org/view.php?id=CVE-2012-0830
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
• https://www.exploit-db.com/exploits/18460 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://marc.info/?l=bugtraq&m=134012830914727&w=2 http://openwall.com/lists/oss-security/2012/02/02/12 http://openwall.com/lists/oss-security
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-399: Resource Management Errors
CVE-2012-0057 – php: XSLT file writing vulnerability
https://notcve.org/view.php?id=CVE-2012-0057
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html http://openwall.com/lists/oss-security/2012/01/13/10 http://openwall.com/lists/oss-security/2012/01/13/4 http://openwall.com/lists/oss-security/2012/01/13/5 http://openwall.com
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-0781 – PHP 5.3.8 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0781
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
• https://www.exploit-db.com/exploits/18370 http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html http://cxsecurity.com/research/103 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://secunia.com/advisories/48668 http://www.exploit-db.com/exploits/18370 https://access.redhat.com/security/cve/CVE-2012-0781 https://bugzilla.redhat.com/show_bug.cgi?id=782951
• CWE-399: Resource Management Errors
• CWE-476: NULL Pointer Dereference