CVE-2012-2376 – PHP 5.4.3 (Windows x86 Polish) - Code Execution
https://notcve.org/view.php?id=CVE-2012-2376
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012. Desbordamiento de búfer en la función com_print_typeinfo en PHP v5.4.3 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o ejecutar código de su elección mediante argumentos que provocan una gestión incorrecta de objetos COM de tipo VARIAN, como el explotado en mayo de 2012. • https://www.exploit-db.com/exploits/18861 http://isc.sans.edu/diary.html?storyid=13255 http://openwall.com/lists/oss-security/2012/05/20/2 http://www.exploit-db.com/exploits/18861 http://www.securitytracker.com/id?1027089 https://bugzilla.redhat.com/show_bug.cgi?id=823464 https://exchange.xforce.ibmcloud.com/vulnerabilities/75778 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-2329 – PHP 5.4.3 - apache_request_headers Function Buffer Overflow
https://notcve.org/view.php?id=CVE-2012-2329
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request. Desbordamiento de buffer en la función apache_request_headers de sapi/cgi/cgi_main.c de PHP 5.4.x anteriores a la 5.4.3 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una cadena extensa en la cabecera de una petición HTTP. • https://www.exploit-db.com/exploits/19231 http://secunia.com/advisories/49014 http://www.php.net/ChangeLog-5.php#5.4.3 http://www.php.net/archive/2012.php#id2012-05-08-1 http://www.securityfocus.com/bid/53455 https://bugs.php.net/bug.php?id=61807 https://bugzilla.redhat.com/show_bug.cgi?id=820000 https://exchange.xforce.ibmcloud.com/vulnerabilities/75545 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-2335
https://notcve.org/view.php?id=CVE-2012-2335
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. php-wrapper.fcgi no maneja apropiadamente argumentos de línea de comandos, lo que permite a atacantes remotos evitar mecanismos de protección de PHP 5.3.12 y 5.4.2 y ejecutar código arbitrario utilizando una interacción inapropiada entre el componente PHP sapi/cgi/cgi_main.c y una cadena de petición que comienza con una secuencia +-. • http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823 http://git.php.net/?p=php-src.git%3Ba=blob%3Bf=sapi/cgi/cgi_main.c%3Bh=a7ac26f0#l1569 http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html http://secunia.com/advisories/49014 http://www.kb.cert.org/vuls/id/520827 http://www.php.net/archive/2012.php#id2012-05-06-1 https://bugs.php.net/bug.php?id=61910 h • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-2336 – Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-2336
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. sapi/cgi/cgi_main.c de PHP anteriores a 5.3.13 y 5.4.x anteriores 5.4.3, si está configurado como script CGI (php-cgi), no maneja apropiadamente las cadenas de texto que no tienen un caracter = (signo de igualdad), lo que permite a atacantes remotos provocar una denegación de servicio (consumo de recursos) colocando opciones de línea de comandos en esta cadena. Relacionada con la falta de supresión de una php_getopt determinado para el caso 'T'. NOTA: esta vulnerabilidad existe por una solución incompleta de CVE-2012-1823. • https://www.exploit-db.com/exploits/29290 https://www.exploit-db.com/exploits/29316 https://www.exploit-db.com/exploits/18836 https://www.exploit-db.com/exploits/18834 http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html http://secunia.com/advisories/49014 http://www.php.net/ChangeLog-5.php#5.4.3 http://www.php.net/archive/2012.php#id2012-05-08-1 https://bugs.php.ne • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVE-2012-1823 – PHP-CGI Query String Parameter Vulnerability
https://notcve.org/view.php?id=CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. sapi/cgi/cgi_main.c en PHP antes de v5.3.12 y v5.4.x antes de v5.4.2, cuando se configura como un script CGI (también conocido como php-cgi), no maneja correctamente las cadenas de consulta que carecen de un carácter = (signo igual), lo que permite a atacantes remotos ejecutar código arbitrario mediante la colocación de línea de comandos en la cadena de consulta, relacionado con el fallo de saltarse cierto php_getopt para el caso de la 'd'. sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code. • https://www.exploit-db.com/exploits/29290 https://www.exploit-db.com/exploits/29316 https://www.exploit-db.com/exploits/18836 https://www.exploit-db.com/exploits/18834 https://github.com/0xl0k1/CVE-2012-1823 https://github.com/drone789/CVE-2012-1823 http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://li • CWE-20: Improper Input Validation •