69 results (0.006 seconds)

CVSS: 9.8EPSS: 96%CPEs: 5EXPL: 54

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. En las versiones de PHP 8.1.* anteriores a 8.1.29, 8.2.* anteriores a 8.2.20, 8.3.* anteriores a 8.3.8, cuando se usa Apache y PHP-CGI en Windows, si el sistema está configurado para usar ciertas páginas de códigos, Windows puede utilizar el comportamiento "Mejor ajuste" para reemplazar caracteres en la línea de comando proporcionada a las funciones de la API de Win32. El módulo PHP CGI puede malinterpretar esos caracteres como opciones de PHP, lo que puede permitir a un usuario malintencionado pasar opciones al binario PHP que se está ejecutando y, por lo tanto, revelar el código fuente de los scripts, ejecutar código PHP arbitrario en el servidor, etc. PHP versions prior to 8.3.8 suffer from a remote code execution vulnerability. • https://github.com/BTtea/CVE-2024-4577-RCE-PoC https://github.com/K3ysTr0K3R/CVE-2024-4577-EXPLOIT https://github.com/manuelinfosec/CVE-2024-4577 https://github.com/zomasec/CVE-2024-4577 https://github.com/cybersagor/CVE-2024-4577 https://github.com/l0n3m4n/CVE-2024-4577-RCE https://github.com/bughuntar/CVE-2024-4577 https://github.com/watchtowrlabs/CVE-2024-4577 https://github.com/xcanwin/CVE-2024-4577-PHP-RCE https://github.com/TAM-K592/CVE-2024-4577 https:/ • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 3%CPEs: 15EXPL: 1

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. La implementación de referencia de Keccak XKCP SHA-3 versiones anteriores a fdc6fef, presenta un desbordamiento de enteros y un desbordamiento de búfer resultante que permite a atacantes ejecutar código arbitrario o eliminar las propiedades criptográficas esperadas. Esto ocurre en la interfaz de la función sponge A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. • https://csrc.nist.gov/projects/hash-functions/sha-3-project https://eprint.iacr.org/2023/331 https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658 https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&# • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 2

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, la vulnerabilidad permite a atacantes de la red y del mismo sitio establecer una cookie no segura estándar en el navegador de la víctima que es tratada como una cookie "__Host-" o "__Secure-" por las aplicaciones PHP A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim's browser, which is treated as a `__Host-` or `__Secure-` cookie by PHP applications, posing a threat to data integrity. • https://github.com/silnex/CVE-2022-31629-poc http://www.openwall.com/lists/oss-security/2024/04/12/11 https://bugs.php.net/bug.php?id=81727 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY https://lists.fedoraproject.org/archives/list/package- • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, el código del descompresor phar descomprimía recursivamente archivos gzip "quines", resultando en un bucle infinito A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. • https://bugs.php.net/bug.php?id=81726 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV https://security.gentoo.org/glsa/202211-03 https:/ • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16. XMB es vulnerable a un ataque de tipo cross-site scripting (XSS) debido a un filtrado inadecuado de la entrada de BBCode. Este bug afecta a todas las versiones de XMB. • https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://forums.xmbforum2.com/viewthread.php?tid=777105 https://www.xmbforum2.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •