Page 61 of 354 results (0.013 seconds)

CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. Múltiples desbordamientos de búfer en libgd de PHP versiones anteriores a 5.2.4 permiten a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección mediante un valor largo (1) srcW ó (2) srcH en la función gdImageCopyResized, o un valor largo (3) sy (altura) ó (4) sx (anchura) en la función (b) gdImageCreate ó (c) gdImageCreateTrueColor. • http://bugs.gentoo.org/show_bug.cgi?id=201546 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26930 http://secunia.com/advisories/26967 http://secunia.com/advisories/27102 http://secunia.c • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions. Múltiples desbordamientos de búfer en php_iisfunc.dll de la extensión iisfunc para PHP 5.2.0 y anteriores permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección, probablemente durante una conversión Unicode, como se ha demostrado con una cadena larga en el primer argumento para la función iis_getservicestate, relacionado con el argumento ServideId para las funciones (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, y posiblemente otras. • https://www.exploit-db.com/exploits/4318 http://www.securityfocus.com/bid/25452 https://exchange.xforce.ibmcloud.com/vulnerabilities/36262 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 3

Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function. Desbordamiento de búfer en php_win32std.dll en la extensión win32std para PHP 5.2.0 y anteriores permite a atacantes dependientes del contexto ejecutar código de su elección a través de una cadena larga en el argumento nombre de archivo (filename) en la función win_browse_file. • https://www.exploit-db.com/exploits/4303 https://www.exploit-db.com/exploits/4302 https://www.exploit-db.com/exploits/4293 http://www.securityfocus.com/bid/25414 https://exchange.xforce.ibmcloud.com/vulnerabilities/36118 •

CVSS: 6.8EPSS: 35%CPEs: 17EXPL: 1

Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments. Los múltiples desbordamientos de enteros en la función chunk_split en PHP versión 5 anterior a 5.2.3 y PHP versión 4 anterior a 4.4.8, permiten a los atacantes remotos causar una denegación de servicio (bloqueo) o ejecutar código arbitrario por medio de los argumentos (1) chunks, (2) srclen, y (3) chunklen. • https://www.exploit-db.com/exploits/30117 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://osvdb.org/36083 http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/25456 http://secunia.com/advisories/25535 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. La función substr_count en PHP 5.2.1 y versiones anteriores permite a atacantes locales o remotos dependientes del contexto obtener información confidencial mediante vectores no especificados, una función afectada distinta de CVE-2007-1375. • http://osvdb.org/34730 http://secunia.com/advisories/26895 http://us2.php.net/releases/5_2_2.php http://www.attrition.org/pipermail/vim/2007-May/001621.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/bid/24012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •