Page 59 of 405 results (0.013 seconds)

CVSS: 5.0EPSS: 0%CPEs: 23EXPL: 1

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function. Múltiples vulnerabilidades de Salto de Directorio en PHP 5.2.6 permiten a los atacantes según contexto saltarse las restricciones safe_mode creando un subdirectorio denominado http: y colocando después secuencias ../ (punto punto barra) en un argumento http URL en la función (1) chdir o (2) ftok. • https://www.exploit-db.com/exploits/31937 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/32746 http://secunia.com/advisories/35074 http://secunia.com/advisories/35650 http://security.gentoo.org/glsa/glsa-200811-05.xml http://securityreason.com/achievement_securityalert/55 http://securityreason.com/securityalert/3942 http: • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 2

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. La macro GENERATE_SEED de PHP 4.x versiones anteriores a la 4.4.8 y 5.x versiones anteriores a la 5.2.5, cuando se ejecuta en sistemas de 64 bits, realiza un producto que genera una porción de bits cero durante la conversión debido a la falta de precisión, lo que provoca 24 bits de entropía y simplifican los ataques por fuerza bruta contra mecanismos de protección que utilizan la secuencia generada y las funciones mt-rand. • http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html http://secunia.com/advisories/30757 http://secunia.com/advisories/30828 http://secunia.com/advisories/31119 http://secunia.com/advisories/31124 http://secunia.com/advisories/31200 http://secunia.com/advisories/32746 http://secunia.com/advisories/35003 http://security.gentoo.org/glsa/glsa-200811-05.xml http://securityreason.com/securityalert/3859 http://www.debian.org/security/2009/dsa-1789 http://www.man • CWE-331: Insufficient Entropy •

CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 2

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed. La macro GENERATE_SEED de PHP 4.x versiones anteriores a la 4.4.8 y 5.x versiones anteriores a la 5.2.5, cuando se ejecuta en sistemas de 32 bits, realiza un producto usando valores que pueden generar una semilla cero en circunstancias excepcionales, lo cual permite a atacantes según contexto, adivinar valores posteriores de la secuencia generada y las funciones mt_rand, y posiblemente evitar los mecanismos de protección que dependen de una semilla inicial desconocida. • http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://secunia.com/advisories/30757 http://secunia.com/advisories/30828 http://secunia.com/advisories/30967 http://secunia.com/advisories/31119 http://secunia.com/advisories/31124 http://secunia.com/advisories/31200 http://secunia.com/advisories/32746 http://secunia.com/advisories/35003 http://security.gentoo.org/glsa/glsa-200811-05.xml • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 2%CPEs: 25EXPL: 0

The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars." La función escapeshellcmd API en PHP anterior a 5.2.6 tiene impacto desconocido y vectores de ataque dependientes del contexto relacionados con "caracteres multibyte incompletos". • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://secunia.com/advisories/30048 http://secunia.com/advisories/30083 http://secunia.com/advisories/30158 http://secunia.com/advisories/30288 http://secunia.com/advisories/30345 http://secunia.com/advisories/30411 http://secunia.com/advisories/30757 http://secunia.com/advisories/30828 http://secunia.com/advisories/30967 http:/&#x •

CVSS: 10.0EPSS: 12%CPEs: 9EXPL: 1

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. La función init_request_info en sapi/cgi/cgi_main.c en PHP en versiones anteriores a 5.2.6 no considera correctamente la precedencia del operador cuando calcula la longitud de PATH_TRANSLATED, lo que podrían permitir a atacantes remotos ejecutar código arbitrario a través de una URI manipulada. • http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/30048 http://secunia.com/advisories/30083 http:/ • CWE-131: Incorrect Calculation of Buffer Size •