Page 69 of 472 results (0.012 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. Vulnerabilidad de salto de directorio en PHP versiones anteriores a 5.2.4 permite a atacantes evitar restricciones open_basedir mediante vectores no especificados involucrando la función glob. • http://secunia.com/advisories/26642 http://secunia.com/advisories/26838 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://www.php.net/ChangeLog-5.php#5.2.4 http://www.php.net/releases/5_2_4.php http://www.vupen.com/english/advisories/2007/3023 https://exchange.xforce.ibmcloud.com/vulnerabilities/36386 https://issues.rpath.com/browse/RPL-1693 https://issues.rpath.com/browse • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872. La función chunk_split en string.c en PHP 5.2.3 no calcula adecuadamente el tamaño de búfer necesario debido a la pérdida de precisión cuando se realizan operaciones de entero con números con punto flotante, lo cual tiene vectores de ataque e impacto desconocido, posiblemente como resultado de un desbordamiento de búfer basado en pila. NOTA: esto puede ser debido a un parche incompleto para CVE-2007-2872. • http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://secunia.com/advisories/26642 http://secunia.com/advisories/26838 http://secunia.com/advisories/27102 http://secunia.com/advisories/27864 http://secunia.com/advisories/28658 http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://www.php.net/ChangeLog-5.php#5.2.4 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. Múltiples desbordamientos de entero en PHP 4 anterior a 4.4.8, y PHP 5 anterior a 5.2.4, permite a atacantes remotos obtener información sensible (contenido de memoria) o provocar denegación de servicio (caida de hilo) a través de un valor de len grande en la función (1) strspn o (2) strcspn, lo cual dispara un lectura fuera de límite. NOTA: estos afecta a diferentes versiones de producto que al CVE-2007-3996. • http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://secunia.com/advisories/27864 http://secunia.com/advisories/28249 http://secunia.com/advisories/28318 http://secunia.com/advisories/28936 http://secunia.com/advisories/30288 http://secweb.se/en/advisories/php-strcspn-information-leak-vulnerability http://slackware.com/security/viewer.php?l=slackware& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. Desbordamiento de búfer en la función php_openssl_make_REQ de PHP versiones anteriores a 5.2.4 tiene impacto desconocido y vectores de ataque. • http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://secunia.com/advisories/27864 http://secunia.com/advisories/28249 http://www.debian.org/security/2008/dsa-1444 http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://www.php.net/ChangeLog-5.php#5.2.4 http://www.php.net/releases/5_2_4.php http://www.trustix. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0

The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. La función zend_alter_ini_entry de PHP versiones anteriores a 5.2.4 no gestiona apropiadamente una interrupción al flujo de ejecución disparado por una violación memory_limit, que tiene un impacto desconocido y vectores de ataque. • http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://secunia.com/advisories/28249 http://www.debian.org/security/2008/dsa-1444 http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://www.php.net/ChangeLog-5.php#5.2.4 http://www.php.net/releases/5_2_4.php http://www.trustix.org/errata/2007/0026 http://www •