Page 69 of 589 results (0.031 seconds)

CVSS: 10.0EPSS: 1%CPEs: 108EXPL: 0

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. PHP versiones anteriores a v5.2.12 no maneja adecuadamente los datos de sesión, teniendo un impacto no especificado y vectores de ataque relacionado con (1) la interrupción de corrupción de la selección SESSION superglobal y (2) la directiva session.save_path. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://secunia.com/advisories/37821 http://secunia.com/advisories/38648 http://secunia.com/advisories/40262 http://secunia.com/advisories/41480 http://secunia.com/advisories/41490 http://support.apple.com/kb/HT4077 http://www.debian.org/security/2010/dsa-2001 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 http://ww •

CVSS: 4.3EPSS: 2%CPEs: 111EXPL: 4

The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. La función htmlspecialchars en PHP versiones anteriores a v5.2.12 no maneja adecuadamente (1) secuencias UTF-8 demasiado largas, (2) secuencias inválidas Shift_JIS, y (39 secuencias inválidas EUC-JP, permitiendo a atacantes remotos dirigir ataques de secuencias de comandos en sitios cruzados (XSS) poniendo secuencias de bytes modificados antes de un carácter especial. • https://www.exploit-db.com/exploits/33414 https://www.exploit-db.com/exploits/33415 http://bugs.php.net/bug.php?id=49785 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://secunia.com/advisories/37821 http://secunia.com/advisories/38648 http://secunia.com/advisories/40262 http://securitytracker.com/id?1023372 http://support.apple.com/kb/HT4077 http://www.debian.org/security/2010/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 1%CPEs: 110EXPL: 4

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. La función zend_restore_ini_entry_cb en zend_ini.c en PHP v5.3.0, v5.2.10, y anteriores permite a atacantes dependientes del contexto conseguir información sensible (contenidos de memoria) y produce una caída PHP mediante la utilización de la función ini_set para declarar una variable, cuando se utiliza la funcion ini_restore para restaurar la variable. PHP suffers from an ini_restore() related memory information disclosure vulnerability. • https://www.exploit-db.com/exploits/10296 https://www.exploit-db.com/exploits/33162 https://www.exploit-db.com/exploits/33163 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540605 http://secunia.com/advisories/37482 http://securityreason.com/achievement_securityalert/65 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/Zend/zend_ini.c?r1=272370&r2=284156 http://www.debian.org/security/2009/dsa-1940 http://www.securityfocus.com/bid/36009 •

CVSS: 7.5EPSS: 2%CPEs: 110EXPL: 2

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable. La función proc_open en ext/standard/proc_open.c en PHP anterior a v5.2.11 y v5.3.x anterior a v5.3.1 no aplica adecuadamente las directivas (1) safe_mode_allowed_env_vars y (2) safe_mode_protected_env_vars, lo que permite dependientes del contexto a atacantes ejecutar programas con un entorno de su elección a través del parámetro env, como se ha demostrado por un valor manipulado de la variable del entorno LD_LIBRARY_PATH. • https://www.exploit-db.com/exploits/11636 http://bugs.php.net/bug.php?id=49026 http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://marc.info/?l=oss-security&m=125886770008678&w=2 http://marc.info/?l=oss-security&m=125897935330618&w=2 http://secunia.com/advisories/40262 http://secunia.com/advisories/41480 http://secunia.com/advisories/41490 http://svn.php.net/viewvc/? • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 5%CPEs: 14EXPL: 1

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. PHP v5.2.11, y v5.3.x antes de v5.3.1, no restringen el número de archivos temporales creados al manipular una solicitud POST multipart/form-data, lo que permite a atacantes remotos causar una denegación de servicio (por agotamiento de recursos), y facilita a los atacantes remotos aprovecharse de las vulnerabilidades de inclusión de archivos locales, a través de múltiples peticiones, en relación a la falta de apoyo a la directiva max_file_uploads. • https://www.exploit-db.com/exploits/10242 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://news.php.net/php.announce/79 http://seclists.org/fulldisclosure/2009/Nov/228 http://secunia.com/advisories/37482 http://secunia.com/advisories/37821 http://secunia.com/advisories/40262 http://secunia.com/advisories/41480 http://secunia.com/advisories/41490 http://support.apple.com/kb/HT4077 ht • CWE-770: Allocation of Resources Without Limits or Throttling •