CVSS: 6.8EPSS: 5%CPEs: 61EXPL: 1CVE-2015-3330 – php: pipelined request executed in deinitialized interpreter under httpd 2.4
https://notcve.org/view.php?id=CVE-2015-3330
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." La función php_handler en sapi/apache2handler/sapi_apache2.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8, cuando Apache HTTP Server 2.4.x está utilizado, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de solicitudes HTTP segmentadas que resultan en un 'interprete desconfigurado.' A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://openwall.com/lists/oss-security/2015/04/17/7 http://php.net/ChangeLog-5.php http://rhn.redhat.com&# • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVSS: 5.8EPSS: 5%CPEs: 58EXPL: 1CVE-2015-2783 – php: buffer over-read in Phar metadata parsing
https://notcve.org/view.php?id=CVE-2015-2783
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. ext/phar/phar.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permite a atacantes remotos obtener información sensible de la memoria de procesos o causar una denegación de servicio (sobre lectura de buffer y caída de aplicación) a través de un valor de longitud manipulado en conjunto con datos seializados manipulados en un archivo phar, relacionado con las funciones phar_parse_metadata y phar_parse_pharfile. A buffer over-read flaw was found in PHP's phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1066.html http://rhn.redhat.com/errata/RHSA-2015-1135.html http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 71%CPEs: 67EXPL: 1CVE-2015-3329 – php: buffer overflow in phar_set_inode()
https://notcve.org/view.php?id=CVE-2015-3329
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. Múltiples desbordamientos de buffer basado en pila en la función phar_set_inode en phar_internal.h en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permiten a atacantes remotos ejecutar código arbitrario a través de un valor de longitud manipulado en un archivo (1) tar, (2) phar, o (3) ZIP. A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1066.html http://rhn.redhat.com/errata& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 1CVE-2014-8089
https://notcve.org/view.php?id=CVE-2014-8089
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. Una vulnerabilidad de inyección SQL en Zend Framework versiones anteriores a 1.12.9, versiones 2.2.x anteriores a 2.2.8 y versiones 2.3.x anteriores a 2.3.3, cuando se usa la extensión PHP sqlsrv, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio de un byte null. • http://framework.zend.com/security/advisory/ZF2014-06 http://seclists.org/oss-sec/2014/q4/276 http://www.securityfocus.com/bid/70011 https://bugzilla.redhat.com/show_bug.cgi?id=1151277 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-1859
https://notcve.org/view.php?id=CVE-2014-1859
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py y (4) lib/tests/test_io.py en NumPy en versiones anteriores a la 1.8.1 permiten que los usuarios locales escriban en archivos arbitrarios mediante un ataque symlink en un archivo temporal. • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html http://www.openwall.com/lists/oss-security/2014/02/08/3 http://www.securityfocus.com/bid/65440 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778 https://bugzilla.redhat.com/show_bug.cgi?id=1062009 https://exchange.xforce.ibmcloud.com/vulnerabilities/91317 https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •